From df31d6f5ec7aeabdccdf6a23eb946e9ce014832b Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 3 Mar 2020 11:16:58 +0100
Subject: switch to next snapshot version
---
eaaf_core/pom.xml | 2 +-
eaaf_core_api/pom.xml | 2 +-
eaaf_core_utils/pom.xml | 2 +-
eaaf_modules/eaaf_module_auth_sl20/pom.xml | 2 +-
eaaf_modules/eaaf_module_moa-sig/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_core/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 2 +-
eaaf_modules/pom.xml | 2 +-
pom.xml | 2 +-
10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index bf6c5b47..f41463df 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -4,7 +4,7 @@
at.gv.egiz
eaaf
- 1.1.0
+ 1.1.1-SNAPSHOT
at.gv.egiz.eaaf
diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml
index fd23f1c8..7f688734 100644
--- a/eaaf_core_api/pom.xml
+++ b/eaaf_core_api/pom.xml
@@ -7,7 +7,7 @@
at.gv.egiz
eaaf
- 1.1.0
+ 1.1.1-SNAPSHOT
at.gv.egiz.eaaf
eaaf_core_api
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index fa5fa412..1f5467ab 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -7,7 +7,7 @@
at.gv.egiz
eaaf
- 1.1.0
+ 1.1.1-SNAPSHOT
at.gv.egiz.eaaf
eaaf_core_utils
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index 81611aff..9b237b78 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -6,7 +6,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_auth_sl20
Generic SL2.0 authentication
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index 11b8cfd9..b9dd49f6 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_moa-sig
MOA-Sig signature verification module
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index 31110bfd..32d66501 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -7,7 +7,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_pvp2_core
eaaf_module_pvp2_core
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index ffda330d..cf833f67 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_pvp2_idp
eaaf_module_pvp2_idp
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index 69eb26ab..b936f307 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_pvp2_sp
eaaf_module_pvp2_sp
diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml
index 228a41cf..3addb4b5 100644
--- a/eaaf_modules/pom.xml
+++ b/eaaf_modules/pom.xml
@@ -4,7 +4,7 @@
at.gv.egiz
eaaf
- 1.1.0
+ 1.1.1-SNAPSHOT
at.gv.egiz.eaaf
diff --git a/pom.xml b/pom.xml
index 37e25f66..0ce897ec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
4.0.0
at.gv.egiz
eaaf
- 1.1.0
+ 1.1.1-SNAPSHOT
pom
EGIZ EAAF components
--
cgit v1.2.3
From 0ee672f95f27b26eddc127e6d358e1e6d462b020 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 4 Mar 2020 14:11:41 +0100
Subject: add "remoteHost" information into TransactionIdUtils rename MDC
variables for Logging
---
.../eaaf/core/impl/utils/TransactionIdUtils.java | 31 +++++++++++++++++++---
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
index 4cbcfa70..5a26eea3 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
@@ -29,21 +29,25 @@ import at.gv.egiz.eaaf.core.api.IRequest;
*/
public class TransactionIdUtils {
- // MDC variables for logging
/**
* To correlate technical logs over one single transactions.
*/
- public static final String MDC_TRANSACTION_ID = "transactionId";
+ public static final String MDC_TRANSACTION_ID = "transactionid";
/**
* To correlate technical logs over a set of transactions, like SSO.
*/
- public static final String MDC_SESSION_ID = "sessionId";
+ public static final String MDC_SESSION_ID = "sessionid";
/**
* Unique application identifier that is processed in this transaction.
*/
- public static final String MDC_SERVICEPROVIDER_ID = "oaId";
+ public static final String MDC_SERVICEPROVIDER_ID = "oaid";
+
+ /**
+ * Unique application identifier that is processed in this transaction.
+ */
+ public static final String MDC_REMOTEHOST = "remoteHost";
/**
* Set all MDC variables from pending request to this threat context.
@@ -67,6 +71,7 @@ public class TransactionIdUtils {
removeSessionId();
removeTransactionId();
removeServiceProviderId();
+ removeRemoteHost();
}
@@ -135,5 +140,23 @@ public class TransactionIdUtils {
}
+ /**
+ * Set remoteHost information to correlate technical logs.
+ *
+ * @param remoteHost IP address of the remote host
+ */
+ public static void setRemoteHost(final String remoteHost) {
+ org.slf4j.MDC.put(MDC_REMOTEHOST, remoteHost);
+
+ }
+
+ /**
+ * Remove remoteHost for Logging.
+ */
+ public static void removeRemoteHost() {
+ org.slf4j.MDC.remove(MDC_REMOTEHOST);
+
+ }
+
}
--
cgit v1.2.3
From d08a5df42ece34b58109d4cea3b88ca52e4bdb45 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 10 Mar 2020 13:55:12 +0100
Subject: move attribute definition for mandateId into another class
---
.../egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java | 3 +++
.../at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java | 7 +------
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
index b6f602d2..727c360c 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
@@ -49,4 +49,7 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions
String EID_MIS_MANDATE_NAME = "urn:eidgvat:attributes.mis.mandate";
String EID_MIS_MANDATE_FRIENDLY_NAME = "mandate";
+ String EID_MIS_MANDATE_IDENTIFIER_NAME = "urn:eidgvat:attributes.mis.mandate.id";
+ String EID_MIS_MANDATE_IDENTIFIER_FRIENDLY_NAME = "mandate-identifier";
+
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java
index 2a9a8317..793715f1 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java
@@ -137,7 +137,7 @@ public interface PvpAttributeDefinitions {
IDENTITY("http://eid.gv.at/eID/status/identity"), TESTIDENTITY("http://eid.gv.at/eID/status/testidentity"),
SYSTEM("http://eid.gv.at/eID/status/system");
- private String uri;
+ private final String uri;
EidIdentityStatusLevelValues(final String uri) {
this.uri = uri;
@@ -311,11 +311,6 @@ public interface PvpAttributeDefinitions {
String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE";
int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100;
- String MANDATE_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.91";
- String MANDATE_IDENTIFIER_FRIENDLY_NAME = "MANDATE-IDENTIFIER";
- String MANDATE_IDENTIFIER_NAME = URN_OID_PREFIX + MANDATE_IDENTIFIER_OID;
- int MANDATE_IDENTIFIER_MAX_LENGTH = 256;
-
@Deprecated
String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92";
@Deprecated
--
cgit v1.2.3
From 90705b721d49c61e6d7a698fd66aa951470e9dc0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 10 Mar 2020 13:56:48 +0100
Subject: Change internal representation of IssuerInstant from String to Date
---
.../eaaf/core/impl/idp/AuthenticationData.java | 3 +-
.../impl/idp/auth/data/AuthProcessDataWrapper.java | 85 +++++++++++++++++-----
.../idp/auth/data/IAuthProcessDataContainer.java | 15 +++-
3 files changed, 80 insertions(+), 23 deletions(-)
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
index a6fe5ff0..7b7aaa36 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
@@ -48,6 +48,7 @@ public class AuthenticationData implements IAuthData, Serializable {
private static final long serialVersionUID = -1042697056735596866L;
public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+ public static final String ISSUE_INSTANT_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
private boolean isBaseIdTransferRestrication = true;
private final Map genericDataStorate = new HashedMap<>();
@@ -112,7 +113,7 @@ public class AuthenticationData implements IAuthData, Serializable {
@Override
public String getAuthenticationIssueInstantString() {
- final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ final SimpleDateFormat f = new SimpleDateFormat(ISSUE_INSTANT_DATE_FORMAT);
f.setTimeZone(TimeZone.getTimeZone("UTC"));
return f.format(this.issueInstant);
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
index 988a78b6..30144546 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
@@ -19,12 +19,15 @@
package at.gv.egiz.eaaf.core.impl.idp.auth.data;
+import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.TimeZone;
+import javax.annotation.Nullable;
+
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
@@ -39,6 +42,8 @@ public class AuthProcessDataWrapper
implements IAuthProcessDataContainer, EaafAuthProcessDataConstants {
private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class);
+ public final static String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
+
protected Map authProcessData;
public AuthProcessDataWrapper(final Map authProcessData) {
@@ -46,6 +51,11 @@ public class AuthProcessDataWrapper
}
+ @Override
+ public Date getIssueInstant() {
+ return wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class);
+ }
+
/*
* (non-Javadoc)
*
@@ -53,8 +63,9 @@ public class AuthProcessDataWrapper
* at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
*/
@Override
- public String getIssueInstant() {
- return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
+ public String getIssueInstantString() {
+ return buildDateTimeUtcString(
+ wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class));
}
/*
@@ -66,7 +77,8 @@ public class AuthProcessDataWrapper
*/
@Override
public void setIssueInstant(final String issueInstant) {
- authProcessData.put(VALUE_ISSUEINSTANT, issueInstant);
+ authProcessData.put(VALUE_ISSUEINSTANT,
+ buildDateTimeUtcDate(issueInstant));
}
@@ -79,7 +91,7 @@ public class AuthProcessDataWrapper
*/
@Override
public void setIssueInstant(final Date issueInstant) {
- authProcessData.put(VALUE_ISSUEINSTANT, buildDateTimeUtc(issueInstant));
+ authProcessData.put(VALUE_ISSUEINSTANT, issueInstant);
}
@@ -91,7 +103,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isAuthenticated() {
- return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
}
@@ -116,7 +128,7 @@ public class AuthProcessDataWrapper
*/
@Override
public IIdentityLink getIdentityLink() {
- return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
+ return wrapStoredObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
}
@@ -141,7 +153,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isMandateUsed() {
- return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
+ return wrapStoredObject(FLAG_USE_MANDATE, false, Boolean.class);
}
/*
@@ -164,7 +176,7 @@ public class AuthProcessDataWrapper
*/
@Override
public String getQaaLevel() {
- return wrapStringObject(VALUE_QAALEVEL, null, String.class);
+ return wrapStoredObject(VALUE_QAALEVEL, null, String.class);
}
/*
@@ -187,7 +199,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isForeigner() {
- return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_FOREIGNER, false, Boolean.class);
}
/*
@@ -209,7 +221,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isOW() {
- return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
}
/*
@@ -225,7 +237,7 @@ public class AuthProcessDataWrapper
@Override
public boolean isEidProcess() {
- return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class);
}
@Override
@@ -242,7 +254,7 @@ public class AuthProcessDataWrapper
*/
@Override
public Date getSessionCreated() {
- return wrapStringObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class);
+ return wrapStoredObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class);
}
/*
@@ -283,7 +295,7 @@ public class AuthProcessDataWrapper
*/
@Override
public T getGenericDataFromSession(final String key, final Class clazz) {
- return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
+ return wrapStoredObject(GENERIC_PREFIX + key, null, clazz);
}
/*
@@ -299,7 +311,7 @@ public class AuthProcessDataWrapper
}
- protected T wrapStringObject(final String key, final Object defaultValue,
+ protected T wrapStoredObject(final String key, final Object defaultValue,
final Class clazz) {
if (StringUtils.isNotEmpty(key)) {
final Object obj = authProcessData.get(key);
@@ -322,16 +334,49 @@ public class AuthProcessDataWrapper
}
/**
- * Builds a dateTime
value in UTC from a Calendar
value.
+ * Builds a {@link String} dateTime value in UTC from a {@link Date} value.
*
- * @param date the Calendar
value
- * @return the dateTime
value
+ * @param date the {@link Date} that should be transformed
+ * @return The {@link String} representation of the date in
+ * yyyy-MM-dd'T'HH:mm:ss'Z'
, or null
if {@link Date} was null
*/
- public static String buildDateTimeUtc(final Date date) {
+ @Nullable
+ public static String buildDateTimeUtcString(@Nullable final Date date) {
+ if (date == null) {
+ return null;
- final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
- f.setTimeZone(TimeZone.getTimeZone("UTC"));
+ }
+ final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+ f.setTimeZone(TimeZone.getTimeZone("UTC"));
return f.format(date.getTime());
+
}
+
+ /**
+ * Builds a {@link String} dateTime value in UTC from a {@link Date} value.
+ *
+ * @param date the {@link String} in yyyy-MM-dd'T'HH:mm:ss'Z'
+ * format that should be transformed
+ * @return The {@link Date} representation of the date, otherwise null
+ * if input parameter was null
or invalid
+ */
+ @Nullable
+ public static Date buildDateTimeUtcDate(@Nullable final String date) {
+ final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+ try {
+ if (date != null) {
+ return f.parse(date);
+
+ }
+
+ } catch (final ParseException e) {
+ log.error("Can NOT parse Date from String: {}", date, null, e);
+
+ }
+
+ return null;
+
+ }
+
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
index 6c7292ac..bb1a28bf 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
@@ -31,12 +31,23 @@ public interface IAuthProcessDataContainer {
*
* @return The issuing time of the AUTH-Block SAML assertion.
*/
- String getIssueInstant();
+ Date getIssueInstant();
+
+ /**
+ * Returns the issuing time of the AUTH-Block SAML assertion.
+ *
+ *{@link String} representation uses pattern:
+ * yyyy-MM-dd'T'HH:mm:ss'Z'
+ *
+ * @return The issuing time of the AUTH-Block SAML assertion.
+ */
+ String getIssueInstantString();
/**
* Sets the issuing time of the AUTH-Block SAML assertion.
*
- * @param issueInstant The issueInstant to set.
+ * @param issueInstant The issueInstant with pattern:
+ * yyyy-MM-dd'T'HH:mm:ss'Z'
to set.
*/
void setIssueInstant(String issueInstant);
--
cgit v1.2.3
From 56f6da9375ca0467d0087893516325c0f5608ea6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 10 Mar 2020 13:58:02 +0100
Subject: rename MDC variables for Session- and TransactionIds
---
.../eaaf/core/impl/utils/TransactionIdUtils.java | 24 +++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
index 5a26eea3..4c1601c0 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
@@ -19,6 +19,8 @@
package at.gv.egiz.eaaf.core.impl.utils;
+import java.util.UUID;
+
import at.gv.egiz.eaaf.core.api.IRequest;
/**
@@ -32,17 +34,17 @@ public class TransactionIdUtils {
/**
* To correlate technical logs over one single transactions.
*/
- public static final String MDC_TRANSACTION_ID = "transactionid";
+ public static final String MDC_TRANSACTION_ID = "transactionId";
/**
* To correlate technical logs over a set of transactions, like SSO.
*/
- public static final String MDC_SESSION_ID = "sessionid";
+ public static final String MDC_SESSION_ID = "sessionId";
/**
* Unique application identifier that is processed in this transaction.
*/
- public static final String MDC_SERVICEPROVIDER_ID = "oaid";
+ public static final String MDC_SERVICEPROVIDER_ID = "oaId";
/**
* Unique application identifier that is processed in this transaction.
@@ -103,6 +105,14 @@ public class TransactionIdUtils {
}
+ /**
+ * Set new random transactionId as an UUID.
+ */
+ public static void setTransactionId() {
+ org.slf4j.MDC.put(MDC_TRANSACTION_ID, UUID.randomUUID().toString());
+
+ }
+
/**
* Set Id to correlate technical logs over one single transactions.
*
@@ -121,6 +131,14 @@ public class TransactionIdUtils {
}
+ /**
+ * Set a new random SessionId as UUID.
+ */
+ public static void setSessionId() {
+ org.slf4j.MDC.put(MDC_SESSION_ID, UUID.randomUUID().toString());
+
+ }
+
/**
* Set Id to correlate technical logs over a set of transactions, like SSO.
*
--
cgit v1.2.3
From 19bc544de503af5992d045a699a1f2bcc1eaf505 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 10 Mar 2020 13:58:43 +0100
Subject: inject X509 certificates into JOSE signature-verification response if
available
---
.../java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 1b1f090f..ccb650b3 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -230,7 +230,7 @@ public class JsonSecurityUtils implements IJoseTools {
jws.setKey(selectedKey);
// load payLoad
- return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature());
+ return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature());
}
--
cgit v1.2.3
From f95a1fb3982395ccbc7e139cb5bd8a1c106bbb48 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 11 Mar 2020 12:46:45 +0100
Subject: refactor HttpClientFactory.java to build HTTP clients with different
authentication mechanisms
---
.../services/ProtocolAuthenticationService.java | 2 +-
.../impl/idp/controller/protocols/RequestImpl.java | 2 +-
.../core/impl/idp/auth/DummyHttpClientFactory.java | 12 +-
eaaf_core_utils/pom.xml | 10 +
.../impl/http/EaafSslKeySelectionStrategy.java | 50 +++
.../core/impl/http/HttpClientConfiguration.java | 191 +++++++++++
.../eaaf/core/impl/http/HttpClientFactory.java | 360 ++++++++++++++++++++
.../at/gv/egiz/eaaf/core/impl/http/HttpUtils.java | 194 +++++++++++
.../eaaf/core/impl/http/IHttpClientFactory.java | 43 +++
.../eaaf/core/impl/utils/HttpClientFactory.java | 370 ---------------------
.../at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java | 118 -------
.../eaaf/core/impl/utils/IHttpClientFactory.java | 24 --
.../messages/eaaf_utils_message.properties | 5 +-
.../src/main/resources/spring/eaaf_utils.beans.xml | 4 +-
.../eaaf/core/test/http/HttpClientFactoryTest.java | 328 ++++++++++++++++++
.../tasks/AbstractCreateQualEidRequestTask.java | 2 +-
.../modules/pvp2/test/binding/PostBindingTest.java | 2 +-
.../pvp2/test/binding/RedirectBindingTest.java | 2 +-
.../pvp2/test/dummy/DummyMetadataProvider.java | 2 +-
.../pvp2/test/metadata/ChainingMetadataTest.java | 2 +-
.../pvp2/test/metadata/MetadataResolverTest.java | 2 +-
.../test/resources/spring/test_eaaf_core.beans.xml | 2 +-
pom.xml | 8 +-
23 files changed, 1208 insertions(+), 527 deletions(-)
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java
delete mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
delete mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java
delete mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java
create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 817c7aa2..4c82adac 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -70,8 +70,8 @@ import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.HttpUtils;
@Service
public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
index adc8774a..f4494106 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
@@ -40,8 +40,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
-import at.gv.egiz.eaaf.core.impl.utils.HttpUtils;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
import org.apache.commons.lang3.StringUtils;
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java
index 9a924f83..6aea52ac 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java
@@ -1,8 +1,10 @@
package at.gv.egiz.eaaf.core.impl.idp.auth;
-import org.apache.http.impl.client.CloseableHttpClient;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import org.apache.http.impl.client.CloseableHttpClient;
public class DummyHttpClientFactory implements IHttpClientFactory {
@@ -18,4 +20,10 @@ public class DummyHttpClientFactory implements IHttpClientFactory {
return null;
}
+ @Override
+ public CloseableHttpClient getHttpClient(HttpClientConfiguration config) throws EaafException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index 1f5467ab..681152f7 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -100,6 +100,16 @@
guava
test
+
+ com.squareup.okhttp3
+ mockwebserver
+ test
+
+
+ com.squareup.okhttp3
+ okhttp-tls
+ test
+
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java
new file mode 100644
index 00000000..1e1e2137
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java
@@ -0,0 +1,50 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import java.net.Socket;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.ssl.PrivateKeyDetails;
+import org.apache.http.ssl.PrivateKeyStrategy;
+
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Private Key selection implementation for Apache HTTP clients.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class EaafSslKeySelectionStrategy implements PrivateKeyStrategy {
+
+ private final String keyAlias;
+
+ /**
+ * Private Key selection implementation for Apache HTTP clients.
+ *
+ * @param alias Alias of the Key that should be used for SSL client authentication.
+ */
+ public EaafSslKeySelectionStrategy(String alias) {
+ this.keyAlias = alias;
+
+ }
+
+ @Override
+ public String chooseAlias(Map aliases, Socket socket) {
+ log.trace("Selection SSL client-auth key for alias: {}", keyAlias);
+ final PrivateKeyDetails selected = aliases.get(keyAlias);
+ if (selected != null) {
+ log.trace("Select SL client-auth key with type:", selected.getType());
+ return keyAlias;
+
+ } else {
+ log.warn("KeyStore contains NO key with alias: {}. Using first key from keystore", keyAlias);
+ log.info("Available aliases: {}", StringUtils.join(aliases.keySet(), ", "));
+ return aliases.keySet().iterator().next();
+
+ }
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
new file mode 100644
index 00000000..582ad545
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
@@ -0,0 +1,191 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import java.text.MessageFormat;
+import java.util.UUID;
+
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+
+import org.apache.commons.lang3.StringUtils;
+
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Getter
+public class HttpClientConfiguration {
+
+ private static final String MSG_KEYSTORE_NAME = "KeyStore for httpClient: {0}";
+
+ private static final String ERROR_00 = "internal.httpclient.00";
+ private static final String ERROR_01 = "internal.httpclient.01";
+ private static final String ERROR_02 = "internal.httpclient.02";
+
+ @Nonnull
+ private final String friendlyName;
+
+ @Nonnull
+ private final String uuid;
+
+ @Nonnull
+ private ClientAuthMode authMode = ClientAuthMode.NONE;
+
+ @Setter
+ private String username;
+
+ @Setter
+ private String password;
+
+ @Setter
+ boolean disableHostnameValidation = false;
+
+ @Setter
+ boolean disableTlsHostCertificateValidation = false;
+
+
+ private KeyStoreConfiguration keyStoreConfig;
+
+ @Setter
+ private String sslKeyAlias;
+
+ @Setter
+ private String sslKeyPassword;
+
+ @Setter
+ private boolean followHttpRedirects = true;
+
+ /**
+ * Get a new HTTP-client configuration object.
+ *
+ * @param name FriendlyName of this http client for logging purposes.
+ */
+ public HttpClientConfiguration(String name) {
+ this.friendlyName = name;
+ this.uuid = UUID.randomUUID().toString();
+
+ }
+
+ /**
+ * Set Client authentication-mode from configuration property.
+ *
+ * If the mode is unknown than the {@link ClientAuthMode} is set to NONE
+ *
+ * @param authModeString Modes from {@link ClientAuthMode}
+ */
+ public void setAuthMode(String authModeString) {
+ final ClientAuthMode configAuthMode = HttpClientConfiguration.ClientAuthMode.fromString(authModeString);
+ if (configAuthMode != null) {
+ authMode = configAuthMode;
+
+ } else {
+ log.warn("Can Not parse ClientAuthMode for client: {}! Set mode to default value",
+ friendlyName);
+
+ }
+ }
+
+
+ /**
+ * Validate the internal state of this configuration object.
+ *
+ * @throws EaafConfigurationException In case of a configuration error
+ */
+ public void validate() throws EaafConfigurationException {
+ log.trace("Validating http-client: {}", this.friendlyName);
+ if (this.authMode.equals(ClientAuthMode.PASSWORD)) {
+ if (StringUtils.isEmpty(this.username)) {
+ throw new EaafConfigurationException(ERROR_00, new Object[] {this.friendlyName});
+
+ }
+
+ if (StringUtils.isEmpty(this.password)) {
+ log.warn("Http basic authentication was activated but NOT username was set!");
+
+ }
+
+ } else if (this.authMode.equals(ClientAuthMode.SSL)) {
+ if (this.keyStoreConfig == null) {
+ throw new EaafConfigurationException(ERROR_01, new Object[] {this.friendlyName});
+
+ } else {
+ log.trace("Validating KeyStore: {} for http-client: {} ...",
+ this.keyStoreConfig.getFriendlyName(), this.friendlyName);
+ this.keyStoreConfig.validate();
+
+ }
+
+ if (StringUtils.isEmpty(this.sslKeyPassword)) {
+ throw new EaafConfigurationException(ERROR_02, new Object[] {
+ this.friendlyName, this.keyStoreConfig.getFriendlyName()});
+
+ }
+ }
+
+ }
+
+ /**
+ * Build a {@link KeyStoreConfiguration} object from configuration parameters.
+ *
+ * @param keyStoreType String based KeyStore type
+ * @param keyStorePath Path to KeyStore in case of a software based KeyStore
+ * @param keyStorePassword Password in case of a software based KeyStore
+ * @param keyStoreName Name of the KeyStore in case of a named KeyStore like HSM-Facade
+ * @throws EaafConfigurationException In case of a configuration error
+ */
+ public void buildKeyStoreConfig(String keyStoreType, String keyStorePath,
+ String keyStorePassword, String keyStoreName) throws EaafConfigurationException {
+ final KeyStoreConfiguration config = new KeyStoreConfiguration();
+ config.setKeyStoreType(keyStoreType);
+ config.setFriendlyName(MessageFormat.format(MSG_KEYSTORE_NAME, friendlyName));
+ config.setSoftKeyStoreFilePath(keyStorePath);
+ config.setSoftKeyStorePassword(keyStorePassword);
+ config.setKeyStoreName(keyStoreName);
+ this.keyStoreConfig = config;
+
+ }
+
+ public enum ClientAuthMode {
+ NONE("none"), PASSWORD("password"), SSL("ssl");
+
+ private final String mode;
+
+ ClientAuthMode(final String mode) {
+ this.mode = mode;
+ }
+
+ /**
+ * Get the PVP mode.
+ *
+ * @return
+ */
+ public String getMode() {
+ return this.mode;
+ }
+
+ /**
+ * Get http-client authentication mode from String representation.
+ *
+ * @param s Config parameter
+ * @return
+ */
+ public static ClientAuthMode fromString(final String s) {
+ try {
+ return ClientAuthMode.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return null;
+ }
+ }
+
+ @Override
+ public String toString() {
+ return getMode();
+
+ }
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
new file mode 100644
index 00000000..b6e660da
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
@@ -0,0 +1,360 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.annotation.Nonnull;
+import javax.annotation.PostConstruct;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpResponse;
+import org.apache.http.ProtocolException;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.RedirectStrategy;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.DefaultRedirectStrategy;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.protocol.HttpContext;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class HttpClientFactory implements IHttpClientFactory {
+
+ @Autowired
+ private IConfiguration basicConfig;
+ @Autowired
+ private EaafKeyStoreFactory keyStoreFactory;
+
+ private static final String ERROR_03 = "internal.httpclient.03";
+
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =
+ "client.http.connection.pool.use";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL =
+ "client.http.connection.pool.maxtotal";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE =
+ "client.http.connection.pool.maxperroute";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET =
+ "client.http.connection.timeout.socket";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION =
+ "client.http.connection.timeout.connection";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST =
+ "client.http.connection.timeout.request";
+ public static final String PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL =
+ "client.http.ssl.hostnameverifier.trustall";
+
+ public static final String PROP_CONFIG_CLIENT_MODE = "client.authmode";
+ public static final String PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME = "client.auth.http.username";
+ public static final String PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD = "client.auth.http.password";
+ public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH =
+ "client.auth.ssl.keystore.path";
+ public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD =
+ "client.auth.ssl.keystore.password";
+ private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME =
+ "client.auth.ssl.keystore.name";
+ public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE =
+ "client.auth.ssl.keystore.type";
+ public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS =
+ "client.auth.ssl.key.alias";
+ public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD =
+ "client.auth.ssl.key.password";
+
+ // default configuration values
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "15";
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION = "15";
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = "30";
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = "500";
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100";
+
+ private String defaultConfigurationId = null;
+ private final Map availableBuilders = new HashMap<>();
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory#getHttpClient()
+ */
+ @Override
+ public CloseableHttpClient getHttpClient() {
+ return getHttpClient(true);
+
+ }
+
+ @Override
+ public CloseableHttpClient getHttpClient(final boolean followRedirects) {
+ return availableBuilders.get(defaultConfigurationId).setRedirectStrategy(
+ buildRedirectStrategy(followRedirects)).build();
+
+ }
+
+ @Override
+ public CloseableHttpClient getHttpClient(@Nonnull HttpClientConfiguration config) throws EaafException {
+ log.trace("Build http client for: {}", config.getFriendlyName());
+ HttpClientBuilder builder = null;
+ if (availableBuilders.containsKey(config.getUuid())) {
+ builder = availableBuilders.get(config.getUuid());
+
+ } else {
+ log.debug("Initialize new http-client builder for: {}", config.getFriendlyName());
+
+ //validate configuration object
+ config.validate();
+
+ builder = HttpClients.custom();
+ builder.setDefaultRequestConfig(buildDefaultRequestConfig());
+
+ //inject basic authentication infos
+ injectBasicAuthenticationIfRequired(builder, config);
+
+ //inject authentication if required
+ final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(config);
+
+ // set pool connection if required
+ injectDefaultConnectionPoolIfRequired(builder, sslConnectionFactory);
+
+ availableBuilders.put(config.getUuid(), builder);
+
+ }
+
+ return builder.setRedirectStrategy(
+ buildRedirectStrategy(config.isFollowHttpRedirects())).build();
+
+ }
+
+ @PostConstruct
+ private void initalize() throws EaafException {
+ final HttpClientConfiguration defaultHttpClientConfig = buildDefaultHttpClientConfiguration();
+
+ // initialize http client
+ log.trace("Initializing default HTTP-Client builder ... ");
+ final HttpClientBuilder defaultHttpClientBuilder = HttpClients.custom();
+
+ // set default request configuration
+ defaultHttpClientBuilder.setDefaultRequestConfig(buildDefaultRequestConfig());
+
+ //inject http basic authentication
+ injectBasicAuthenticationIfRequired(defaultHttpClientBuilder, defaultHttpClientConfig);
+
+ // inject authentication if required
+ final LayeredConnectionSocketFactory sslConnectionFactory =
+ getSslContext(defaultHttpClientConfig);
+
+ // set pool connection if required
+ injectDefaultConnectionPoolIfRequired(defaultHttpClientBuilder, sslConnectionFactory);
+
+ //set default http client builder
+ defaultConfigurationId = defaultHttpClientConfig.getUuid();
+ availableBuilders.put(defaultConfigurationId, defaultHttpClientBuilder);
+
+ }
+
+ private HttpClientConfiguration buildDefaultHttpClientConfiguration() throws EaafConfigurationException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("Default");
+
+ // inject basic http authentication if required
+ config.setAuthMode(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE,
+ HttpClientConfiguration.ClientAuthMode.NONE.getMode()));
+ log.info("Default client authentication-mode is set to: {}", config.getAuthMode());
+
+ // set Username and Password if available
+ config.setUsername(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME));
+ config.setPassword(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD));
+
+ // set SSL Client auth. informations if available
+ config.buildKeyStoreConfig(
+ basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType()),
+ basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY),
+ basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY),
+ basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY));
+
+ config.setSslKeyAlias(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS));
+ config.setSslKeyPassword(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD));
+
+ config.setDisableHostnameValidation(basicConfig.getBasicConfigurationBoolean(
+ PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false));
+
+ // validate configuration object
+ config.validate();
+
+ return config;
+ }
+
+ private void injectBasicAuthenticationIfRequired(HttpClientBuilder builder,
+ final HttpClientConfiguration httpClientConfig) {
+ if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.PASSWORD)) {
+ final CredentialsProvider provider = new BasicCredentialsProvider();
+ log.trace("Injecting basic authentication with username: {} and password: {}",
+ httpClientConfig.getUsername(), httpClientConfig.getPassword());
+ final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(
+ httpClientConfig.getUsername(), httpClientConfig.getPassword());
+
+ final AuthScope scope = new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM);
+ provider.setCredentials(scope, credentials);
+ builder.setDefaultCredentialsProvider(provider);
+ log.info("Basic http authentication was injected with username: {}",
+ httpClientConfig.getUsername());
+
+ } else {
+ log.trace("Injection of Http Basic authentication was skipped");
+
+ }
+
+ }
+
+ @Nonnull
+ private LayeredConnectionSocketFactory getSslContext(final HttpClientConfiguration httpClientConfig)
+ throws EaafException {
+ SSLContext sslContext = null;
+ try {
+ if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
+ log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
+ .getFirst();
+
+ log.trace("Injecting SSL client-authentication into http client ... ");
+ sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
+ httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
+ httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
+
+ } else {
+ log.trace("Initializing default SSL Context ... ");
+ sslContext = SSLContext.getDefault();
+
+ }
+
+ // set hostname verifier
+ HostnameVerifier hostnameVerifier = null;
+ if (httpClientConfig.isDisableHostnameValidation()) {
+ hostnameVerifier = new NoopHostnameVerifier();
+ log.warn("HTTP client-builder deactivates SSL Host-name verification!");
+
+ }
+
+ final LayeredConnectionSocketFactory sslSocketFactory =
+ new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+ log.debug("HTTP client-builder successfuly initialized");
+ return sslSocketFactory;
+
+ } catch (final NoSuchAlgorithmException e) {
+ log.warn("HTTP client-builder can NOT initialze SSL-Context", e);
+ throw new EaafFactoryException(ERROR_03, new Object[] {
+ httpClientConfig.getFriendlyName(), e.getMessage()}, e);
+
+ }
+
+ }
+
+ private void injectDefaultConnectionPoolIfRequired(
+ HttpClientBuilder builder, final LayeredConnectionSocketFactory sslConnectionFactory) {
+ if (basicConfig.getBasicConfigurationBoolean(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE,
+ true)) {
+ PoolingHttpClientConnectionManager pool;
+
+ // set socketFactoryRegistry if SSLConnectionFactory is Set
+ if (sslConnectionFactory != null) {
+ final Registry socketFactoryRegistry =
+ RegistryBuilder.create()
+ .register("http", PlainConnectionSocketFactory.getSocketFactory())
+ .register("https", sslConnectionFactory).build();
+ log.trace("Inject SSLSocketFactory into pooled connection");
+ pool = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
+
+ } else {
+ pool = new PoolingHttpClientConnectionManager();
+
+ }
+
+ pool.setDefaultMaxPerRoute(Integer.parseInt(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE)));
+ pool.setMaxTotal(Integer.parseInt(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL)));
+
+ builder.setConnectionManager(pool);
+ log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(),
+ pool.getDefaultMaxPerRoute());
+
+ } else if (sslConnectionFactory != null) {
+ log.trace("Inject SSLSocketFactory without connection pool");
+ builder.setSSLSocketFactory(sslConnectionFactory);
+
+ }
+
+ }
+
+ private RequestConfig buildDefaultRequestConfig() {
+ final RequestConfig requestConfig =
+ RequestConfig.custom()
+ .setConnectTimeout(
+ Integer.parseInt(basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION)) * 1000)
+ .setConnectionRequestTimeout(Integer.parseInt(basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST)) * 1000)
+ .setSocketTimeout(Integer.parseInt(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET))
+ * 1000)
+ .build();
+ return requestConfig;
+
+ }
+
+ private static RedirectStrategy buildRedirectStrategy(final boolean followRedirects) {
+ RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+ if (!followRedirects) {
+ redirectStrategy = new RedirectStrategy() {
+
+ @Override
+ public boolean isRedirected(final HttpRequest request, final HttpResponse response,
+ final HttpContext context) throws ProtocolException {
+ return false;
+ }
+
+ @Override
+ public HttpUriRequest getRedirect(final HttpRequest request, final HttpResponse response,
+ final HttpContext context) throws ProtocolException {
+ return null;
+ }
+ };
+ }
+ return redirectStrategy;
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
new file mode 100644
index 00000000..2d514912
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria MOA-ID has been developed in a cooperation between
+ * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.core.impl.http;
+
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import javax.net.ssl.SSLContext;
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
+import org.apache.http.ssl.TrustStrategy;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class HttpUtils {
+
+ private static final String ERROR_03 = "internal.httpclient.03";
+
+ /**
+ * Helper method to retrieve server URL including context path.
+ *
+ * @param request HttpServletRequest
+ * @return Server URL including context path (e.g.
+ * http://localhost:8443/moa-id-auth
+ */
+ public static String getBaseUrl(final HttpServletRequest request) {
+ final StringBuffer buffer = new StringBuffer(getServerUrl(request));
+
+ // add context path if available
+ final String contextPath = request.getContextPath();
+ if (!StringUtils.isEmpty(contextPath)) {
+ buffer.append(contextPath);
+ }
+
+ return buffer.toString();
+ }
+
+ /**
+ * Helper method to retrieve server URL.
+ *
+ * @param request HttpServletRequest
+ * @return Server URL (e.g. http://localhost:8443)
+ */
+ public static String getServerUrl(final HttpServletRequest request) {
+ final StringBuffer buffer = new StringBuffer();
+
+ // get protocol
+ final String protocol = request.getScheme();
+ buffer.append(protocol).append("://");
+
+ // server name
+ buffer.append(request.getServerName());
+
+ // add port if necessary
+ final int port = request.getServerPort();
+ if (protocol.equals("http") && port != 80 || protocol.equals("https") && port != 443) {
+ buffer.append(':');
+ buffer.append(port);
+ }
+
+ return buffer.toString();
+ }
+
+ /**
+ * Extract the IDP PublicURLPrefix from authrequest.
+ *
+ * @param req HttpServletRequest
+ * @return PublicURLPrefix which ends always without /
+ */
+ public static String extractAuthUrlFromRequest(final HttpServletRequest req) {
+ String authUrl = req.getScheme() + "://" + req.getServerName();
+ if (req.getScheme().equalsIgnoreCase("https") && req.getServerPort() != 443
+ || req.getScheme().equalsIgnoreCase("http") && req.getServerPort() != 80) {
+ authUrl = authUrl.concat(":" + req.getServerPort());
+ }
+ authUrl = authUrl.concat(req.getContextPath());
+ return authUrl;
+
+ }
+
+ /**
+ * Extract the IDP requested URL from authrequest.
+ *
+ * @param req HttpServletRequest
+ * @return RequestURL which ends always without /
+ */
+ public static String extractAuthServletPathFromRequest(final HttpServletRequest req) {
+ return extractAuthUrlFromRequest(req).concat(req.getServletPath());
+
+ }
+
+ /**
+ * Add a http GET parameter to URL.
+ *
+ * @param url URL
+ * @param paramname Name of the parameter.
+ * @param paramvalue Value of the parameter.
+ * @return
+ */
+ public static String addUrlParameter(final String url, final String paramname,
+ final String paramvalue) {
+ final String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0) {
+ return url + "?" + param;
+ } else {
+ return url + "&" + param;
+ }
+ }
+
+ /**
+ * Initialize a {@link SSLContext} with a {@link KeyStore} that uses X509 Client
+ * authentication.
+ *
+ * @param keyStore KeyStore with private keys that should be
+ * used
+ * @param keyAlias Alias of the key that should be used. If
+ * the alias is null, than the first key that
+ * is found will be selected.
+ * @param keyPasswordString Password of the Key in this keystore
+ * @param trustAllServerCertificates Deactivate SSL server-certificate
+ * validation
+ * @param friendlyName FriendlyName of the http client for logging
+ * purposes
+ * @return {@link SSLContext} with X509 client authentication
+ * @throws EaafConfigurationException In case of a configuration error
+ * @throws EaafFactoryException In case of a {@link SSLContext}
+ * initialization error
+ */
+ public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final KeyStore keyStore,
+ @Nullable String keyAlias, @Nullable String keyPasswordString,
+ boolean trustAllServerCertificates, @Nonnull String friendlyName)
+ throws EaafConfigurationException, EaafFactoryException {
+ try {
+ log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
+ final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
+ : keyPasswordString.toCharArray();
+
+ SSLContextBuilder sslContextBuilder = SSLContexts.custom();
+ if (StringUtils.isNotEmpty(keyAlias)) {
+ sslContextBuilder = sslContextBuilder
+ .loadKeyMaterial(keyStore, keyPassword, new EaafSslKeySelectionStrategy(keyAlias));
+
+ } else {
+ sslContextBuilder = sslContextBuilder
+ .loadKeyMaterial(keyStore, keyPassword);
+
+ }
+
+ if (trustAllServerCertificates) {
+ log.warn("Http-client:{} trusts ALL TLS server-certificates!");
+ final TrustStrategy trustStrategy = new TrustAllStrategy();
+ sslContextBuilder = sslContextBuilder.loadTrustMaterial(trustStrategy);
+
+ }
+
+ return sslContextBuilder.build();
+
+ } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException
+ | KeyStoreException e) {
+ throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e);
+
+ }
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java
new file mode 100644
index 00000000..7ec58d46
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java
@@ -0,0 +1,43 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+import org.apache.http.impl.client.CloseableHttpClient;
+
+public interface IHttpClientFactory {
+
+ /**
+ * Return an instance of a Apache HTTP client that uses
+ * default configuration properties from {@link IHttpClientFactory} implementation
+ * and follows http redirects automatically.
+ *
+ * @return http client
+ */
+ @Nonnull
+ CloseableHttpClient getHttpClient();
+
+ /**
+ * Return an instance of a Apache HTTP client that uses
+ * default configuration properties from {@link IHttpClientFactory} implementation.
+ *
+ * @param followRedirects if false
, the client does not flow 30x
+ * http redirects
+ * @return http client
+ */
+ @Nonnull
+ CloseableHttpClient getHttpClient(boolean followRedirects);
+
+ /**
+ * Return an instance of a Apache HTTP client based in {@link HttpClientConfiguration}.
+ *
+ * @param config Configuration object for this http client
+ * @return http client
+ * @throws EaafException In case of a http-client initialization problem
+ */
+ @Nonnull
+ CloseableHttpClient getHttpClient(@Nonnull HttpClientConfiguration config)
+ throws EaafException;
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
deleted file mode 100644
index e681e705..00000000
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
+++ /dev/null
@@ -1,370 +0,0 @@
-package at.gv.egiz.eaaf.core.impl.utils;
-
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-
-import javax.annotation.PostConstruct;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.SSLContext;
-
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpResponse;
-import org.apache.http.ProtocolException;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.CredentialsProvider;
-import org.apache.http.client.RedirectStrategy;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.config.Registry;
-import org.apache.http.config.RegistryBuilder;
-import org.apache.http.conn.socket.ConnectionSocketFactory;
-import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
-import org.apache.http.conn.socket.PlainConnectionSocketFactory;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.client.BasicCredentialsProvider;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.DefaultRedirectStrategy;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.ssl.SSLContexts;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ResourceLoader;
-
-import lombok.extern.slf4j.Slf4j;
-
-@Slf4j
-public class HttpClientFactory implements IHttpClientFactory {
-
- @Autowired(required = true)
- private IConfiguration basicConfig;
-
- @Autowired(required = true)
- ResourceLoader resourceLoader;
-
- @Autowired private EaafKeyStoreFactory keyStoreFactory;
-
- public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =
- "client.http.connection.pool.use";
- public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL =
- "client.http.connection.pool.maxtotal";
- public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE =
- "client.http.connection.pool.maxperroute";
- public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET =
- "client.http.connection.timeout.socket";
- public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION =
- "client.http.connection.timeout.connection";
- public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST =
- "client.http.connection.timeout.request";
- public static final String PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL =
- "client.http.ssl.hostnameverifier.trustall";
-
- public static final String PROP_CONFIG_CLIENT_MODE = "client.authmode";
- public static final String PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME = "client.auth.http.username";
- public static final String PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD = "client.auth.http.password";
- public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH =
- "client.auth.ssl.keystore.path";
- public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD =
- "client.auth.ssl.keystore.password";
- private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME =
- "client.auth.ssl.keystore.name";
- public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE =
- "client.auth.ssl.keystore.type";
- public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD =
- "client.auth.ssl.key.password";
- public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS = "client.auth.ssl.key.alias";
-
- // default configuration values
- public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "15";
- public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION = "15";
- public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = "30";
- public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = "500";
- public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100";
-
- public enum ClientAuthMode {
- NONE("none"), PASSWORD("password"), SSL("ssl");
-
- private final String mode;
-
- ClientAuthMode(final String mode) {
- this.mode = mode;
- }
-
- /**
- * Get the PVP mode.
- *
- * @return
- */
- public String getMode() {
- return this.mode;
- }
-
- /**
- * Get http-client authentication mode from String representation.
- *
- * @param s Config parameter
- * @return
- */
- public static ClientAuthMode fromString(final String s) {
- try {
- return ClientAuthMode.valueOf(s.toUpperCase());
-
- } catch (IllegalArgumentException | NullPointerException e) {
- return null;
- }
- }
-
- @Override
- public String toString() {
- return getMode();
-
- }
-
- }
-
- private HttpClientBuilder httpClientBuilder = null;
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory#getHttpClient()
- */
- @Override
- public CloseableHttpClient getHttpClient() {
- return getHttpClient(true);
-
- }
-
- @Override
- public CloseableHttpClient getHttpClient(final boolean followRedirects) {
- RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
- if (!followRedirects) {
- redirectStrategy = new RedirectStrategy() {
-
- @Override
- public boolean isRedirected(final HttpRequest request, final HttpResponse response,
- final HttpContext context) throws ProtocolException {
- return false;
- }
-
- @Override
- public HttpUriRequest getRedirect(final HttpRequest request, final HttpResponse response,
- final HttpContext context) throws ProtocolException {
- return null;
- }
- };
- }
-
- return httpClientBuilder.setRedirectStrategy(redirectStrategy).build();
-
- }
-
- @PostConstruct
- private void initalize() {
- // initialize http client
- log.trace("Initializing HTTP Client-builder ... ");
- httpClientBuilder = HttpClients.custom();
-
- // set default request configuration
- final RequestConfig requestConfig =
- RequestConfig.custom()
- .setConnectTimeout(
- Integer.parseInt(basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION,
- DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION)) * 1000)
- .setConnectionRequestTimeout(Integer.parseInt(basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST,
- DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST)) * 1000)
- .setSocketTimeout(Integer.parseInt(
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
- DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET))
- * 1000)
- .build();
- httpClientBuilder.setDefaultRequestConfig(requestConfig);
-
- ClientAuthMode clientAuthMode = ClientAuthMode.fromString(
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE, ClientAuthMode.NONE.getMode()));
- if (clientAuthMode == null) {
- log.warn("Can Not parse ClientAuthMode! Set mode to default value");
- clientAuthMode = ClientAuthMode.NONE;
-
- }
-
- // inject basic http authentication if required
- log.info("Client authentication-mode is set to: {}", clientAuthMode);
- injectBasicAuthenticationIfRequired(clientAuthMode);
-
- // inject authentication if required
- final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(clientAuthMode);
-
- // set pool connection if required
- injectConnectionPoolIfRequired(sslConnectionFactory);
-
- }
-
- private void injectBasicAuthenticationIfRequired(final ClientAuthMode clientAuthMode) {
- if (clientAuthMode.equals(ClientAuthMode.PASSWORD)) {
- final CredentialsProvider provider = new BasicCredentialsProvider();
-
- final String username =
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME);
- final String password =
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD);
-
- if (StringUtils.isEmpty(username)) {
- log.warn("Http basic authentication was activated but NOT username was set!");
-
- }
-
- log.trace("Injecting basic authentication with username: {} and password: {}", username,
- password);
- final UsernamePasswordCredentials credentials =
- new UsernamePasswordCredentials(username, password);
- provider.setCredentials(AuthScope.ANY, credentials);
- httpClientBuilder.setDefaultCredentialsProvider(provider);
- log.info("Basic http authentication was injected with username: {}", username);
-
- } else {
- log.trace("Injection of Http Basic authentication was skipped");
-
- }
-
- }
-
- private SSLContext buildSslContextWithSslClientAuthentication()
- throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException,
- KeyStoreException, EaafConfigurationException {
- log.trace("Injecting SSL client-authentication into http client ... ");
- final KeyStore keystore = getSslAuthKeyStore();
- final String keyPasswordString =
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD);
- log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
- final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
- : keyPasswordString.toCharArray();
- return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build();
-
- }
-
- private KeyStore getSslAuthKeyStore() throws EaafConfigurationException {
- final String keyStoreType = basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType());
- final String localKeyStorePath = basicConfig
- .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY);
- final String keyStorePassword = basicConfig
- .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY);
- final String keyStoreName = basicConfig
- .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY);
-
- try {
- final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
- keyStoreConfig.setKeyStoreType(keyStoreType);
- keyStoreConfig.setFriendlyName("HttpClient Keystore");
- keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath);
- keyStoreConfig.setSoftKeyStorePassword(keyStorePassword);
- keyStoreConfig.setKeyStoreName(keyStoreName);
-
- log.debug("Open keyStore with type: {}", keyStoreType);
- final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig).getFirst();
-
- return keyStore;
-
- } catch (final EaafException e) {
- log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e);
- throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem",
- new Object[] { localKeyStorePath }, e);
-
- }
-
- }
-
- private LayeredConnectionSocketFactory getSslContext(final ClientAuthMode clientAuthMode) {
- SSLContext sslContext = null;
- try {
- if (clientAuthMode.equals(ClientAuthMode.SSL)) {
- sslContext = buildSslContextWithSslClientAuthentication();
-
- } else {
- log.trace("Initializing default SSL Context ... ");
- sslContext = SSLContext.getDefault();
-
- }
-
- // set hostname verifier
- HostnameVerifier hostnameVerifier = null;
- if (basicConfig.getBasicConfigurationBoolean(
- PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)) {
- hostnameVerifier = new NoopHostnameVerifier();
- log.warn("HTTP client-builder deactivates SSL Host-name verification!");
-
- }
-
- final LayeredConnectionSocketFactory sslSocketFactory =
- new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
-
- return sslSocketFactory;
-
- } catch (final NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException
- | KeyStoreException | EaafConfigurationException e) {
- log.warn("HTTP client-builder can NOT initialze SSL-Context", e);
-
- }
-
- log.info("HTTP client-builder successfuly initialized");
- return null;
-
- }
-
- private void injectConnectionPoolIfRequired(
- final LayeredConnectionSocketFactory sslConnectionFactory) {
- if (basicConfig.getBasicConfigurationBoolean(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE,
- true)) {
- PoolingHttpClientConnectionManager pool;
-
- // set socketFactoryRegistry if SSLConnectionFactory is Set
- if (sslConnectionFactory != null) {
- final Registry socketFactoryRegistry =
- RegistryBuilder.create()
- .register("http", PlainConnectionSocketFactory.getSocketFactory())
- .register("https", sslConnectionFactory).build();
- log.trace("Inject SSLSocketFactory into pooled connection");
- pool = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
-
- } else {
- pool = new PoolingHttpClientConnectionManager();
-
- }
-
- pool.setDefaultMaxPerRoute(Integer.parseInt(
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE,
- DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE)));
- pool.setMaxTotal(Integer.parseInt(
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL,
- DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL)));
-
- httpClientBuilder.setConnectionManager(pool);
- log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(),
- pool.getDefaultMaxPerRoute());
-
- } else if (sslConnectionFactory != null) {
- log.trace("Inject SSLSocketFactory without connection pool");
- httpClientBuilder.setSSLSocketFactory(sslConnectionFactory);
-
- }
-
- }
-
-}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java
deleted file mode 100644
index 66356ba0..00000000
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria MOA-ID has been developed in a cooperation between
- * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European
- * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
- * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the Licence
- * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the Licence for the specific language governing permissions and limitations under
- * the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text file for details on the
- * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
- * works that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.gv.egiz.eaaf.core.impl.utils;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.lang3.StringUtils;
-
-public class HttpUtils {
-
- /**
- * Helper method to retrieve server URL including context path.
- *
- * @param request HttpServletRequest
- * @return Server URL including context path (e.g.
- * http://localhost:8443/moa-id-auth
- */
- public static String getBaseUrl(final HttpServletRequest request) {
- final StringBuffer buffer = new StringBuffer(getServerUrl(request));
-
- // add context path if available
- final String contextPath = request.getContextPath();
- if (!StringUtils.isEmpty(contextPath)) {
- buffer.append(contextPath);
- }
-
- return buffer.toString();
- }
-
- /**
- * Helper method to retrieve server URL.
- *
- * @param request HttpServletRequest
- * @return Server URL (e.g. http://localhost:8443)
- */
- public static String getServerUrl(final HttpServletRequest request) {
- final StringBuffer buffer = new StringBuffer();
-
- // get protocol
- final String protocol = request.getScheme();
- buffer.append(protocol).append("://");
-
- // server name
- buffer.append(request.getServerName());
-
- // add port if necessary
- final int port = request.getServerPort();
- if (protocol.equals("http") && port != 80 || protocol.equals("https") && port != 443) {
- buffer.append(':');
- buffer.append(port);
- }
-
- return buffer.toString();
- }
-
- /**
- * Extract the IDP PublicURLPrefix from authrequest.
- *
- * @param req HttpServletRequest
- * @return PublicURLPrefix which ends always without /
- */
- public static String extractAuthUrlFromRequest(final HttpServletRequest req) {
- String authUrl = req.getScheme() + "://" + req.getServerName();
- if (req.getScheme().equalsIgnoreCase("https") && req.getServerPort() != 443
- || req.getScheme().equalsIgnoreCase("http") && req.getServerPort() != 80) {
- authUrl = authUrl.concat(":" + req.getServerPort());
- }
- authUrl = authUrl.concat(req.getContextPath());
- return authUrl;
-
- }
-
- /**
- * Extract the IDP requested URL from authrequest.
- *
- * @param req HttpServletRequest
- * @return RequestURL which ends always without /
- */
- public static String extractAuthServletPathFromRequest(final HttpServletRequest req) {
- return extractAuthUrlFromRequest(req).concat(req.getServletPath());
-
- }
-
- /**
- * Add a http GET parameter to URL.
- *
- * @param url URL
- * @param paramname Name of the parameter.
- * @param paramvalue Value of the parameter.
- * @return
- */
- public static String addUrlParameter(final String url, final String paramname,
- final String paramvalue) {
- final String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0) {
- return url + "?" + param;
- } else {
- return url + "&" + param;
- }
- }
-
-}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java
deleted file mode 100644
index f922e1ac..00000000
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egiz.eaaf.core.impl.utils;
-
-import org.apache.http.impl.client.CloseableHttpClient;
-
-public interface IHttpClientFactory {
-
- /**
- * Return an instance of a Apache HTTP client that follows http redirects
- * automatically.
- *
- * @return
- */
- CloseableHttpClient getHttpClient();
-
- /**
- * Return an instance of a Apache HTTP client.
- *
- * @param followRedirects if false
, the client does not flow 30x
- * http redirects
- * @return
- */
- CloseableHttpClient getHttpClient(boolean followRedirects);
-
-}
diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
index f531e02d..b20c5f63 100644
--- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
+++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
@@ -12,4 +12,7 @@ internal.keystore.07=Validation of KeyStore: {0} failed. Reason: {1}
internal.keystore.08=Can not access Key: {1} in KeyStore: {0}
internal.keystore.09=Can not access Key: {1} in KeyStore: {0} Reason: {2}
-
+internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set
+internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set
+internal.httpclient.02=HttpClient:{0} uses KeyStore:{1}, but 'keyPassword' is NOT set
+internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1}
\ No newline at end of file
diff --git a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
index ab631e34..aa5a50de 100644
--- a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
+++ b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
@@ -11,8 +11,8 @@
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" >
-
+ class="at.gv.egiz.eaaf.core.impl.http.HttpClientFactory" />
+
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
new file mode 100644
index 00000000..b2f0f80e
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
@@ -0,0 +1,328 @@
+package at.gv.egiz.eaaf.core.test.http;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.InetAddress;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Provider;
+import java.security.cert.X509Certificate;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import okhttp3.HttpUrl;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+import okhttp3.mockwebserver.RecordedRequest;
+import okhttp3.tls.HandshakeCertificates;
+import okhttp3.tls.HeldCertificate;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml")
+public class HttpClientFactoryTest {
+
+ @Autowired private EaafKeyStoreFactory keyStoreFactory;
+ @Autowired private IHttpClientFactory httpClientFactory;
+
+ private MockWebServer mockWebServer = null;
+ private HttpUrl mockServerUrl;
+
+ /**
+ * JUnit test set-up.
+ *
+ */
+ @Before
+ public void setup() {
+
+ }
+
+ /**
+ * jUnit test shutdown.
+ *
+ * @throws IOException In case of an mockWebServer error
+ */
+ @After
+ public void shutdown() throws IOException {
+ if (mockWebServer != null) {
+ mockWebServer.shutdown();
+ mockWebServer = null;
+
+ }
+
+ }
+
+ @Test
+ public void getDefaultClient() {
+ final CloseableHttpClient client = httpClientFactory.getHttpClient();
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getDefaultClientNoRedirect() {
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(false);
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getCustomClientsDefault() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ Assert.assertFalse("Wrong default config - Hostnamevalidation",
+ config.isDisableHostnameValidation());
+ Assert.assertFalse("Wrong default config - TLS Server-certs",
+ config.isDisableTlsHostCertificateValidation());
+
+ final CloseableHttpClient client1 = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("first http client", client1);
+
+ final CloseableHttpClient client2 = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("second http client", client2);
+
+ }
+
+ @Test
+ public void getCustomClientUnknownAuthMethod() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode(RandomStringUtils.randomAlphabetic(5));
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, IOException, InterruptedException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("password");
+ config.setUsername("jUnit");
+ config.setPassword("password");
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ //setup test webserver that requestes http Basic authentication
+ mockWebServer = new MockWebServer();
+ mockServerUrl = mockWebServer.url("/sp/junit");
+ mockWebServer.enqueue(new MockResponse()
+ .setResponseCode(HttpURLConnection.HTTP_UNAUTHORIZED)
+ .addHeader("www-authenticate: Basic realm=\"protected area\"")
+ .setBody("Please authenticate."));
+ mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+ .setBody("Successful auth!"));
+
+ //request webservice
+ final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString());
+ final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
+ Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
+
+ //check request contains basic authentication after authentication was requested
+ final RecordedRequest httpReq1 = mockWebServer.takeRequest();
+ final RecordedRequest httpReq2 = mockWebServer.takeRequest();
+ Assert.assertNull("wrong BasicAuthHeader", httpReq1.getHeader("Authorization"));
+ Assert.assertNotNull("missing BasicAuthHeader", httpReq2.getHeader("Authorization"));
+
+ }
+
+ @Test
+ public void getCustomClientBasicAuthNoUsername(){
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("password");
+ try {
+ httpClientFactory.getHttpClient(config);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ Assert.assertEquals("Wrong errorCode", "internal.httpclient.00", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void getCustomClientBasicAuthNoPassword() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("password");
+ config.setUsername(RandomStringUtils.randomAlphabetic(5));
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getCustomClientX509AuthNoKeyStoreConfig(){
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ try {
+ httpClientFactory.getHttpClient(config);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ Assert.assertEquals("Wrong errorCode", "internal.httpclient.01", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void getCustomClientX509AuthNoKeyPassword() throws EaafException{
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+
+ try {
+ httpClientFactory.getHttpClient(config);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ Assert.assertEquals("Wrong errorCode", "internal.httpclient.02", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void getCustomClientX509Auth() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+ config.setSslKeyPassword("password");
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getCustomClientX509AuthWithAlias() throws EaafException, ClientProtocolException,
+ IOException, KeyStoreException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+ config.setSslKeyPassword("password");
+ config.setSslKeyAlias("sig");
+ config.setDisableTlsHostCertificateValidation(true);
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ //set-up mock-up web-server with SSL client authentication
+ final Pair sslClientKeyStore =
+ keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig());
+ final String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
+ final HeldCertificate localhostCertificate = new HeldCertificate.Builder()
+ .addSubjectAlternativeName(localhost)
+ .build();
+ final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
+ .addTrustedCertificate(
+ (X509Certificate) sslClientKeyStore.getFirst().getCertificate(config.getSslKeyAlias()))
+ .heldCertificate(localhostCertificate)
+ .build();
+ mockWebServer = new MockWebServer();
+ mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false);
+ mockWebServer.requireClientAuth();
+ mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+ .setBody("Successful auth!"));
+ mockServerUrl = mockWebServer.url("/sp/junit");
+
+ //perform test request
+ final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString());
+ final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
+ Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
+
+ }
+
+ @Test
+ public void getCustomClientX509AuthWrongKeyPassword() throws EaafException{
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+ config.setSslKeyPassword(RandomStringUtils.randomAlphanumeric(5));
+ config.setSslKeyAlias("sig");
+
+ try {
+ httpClientFactory.getHttpClient(config);
+ Assert.fail("Wrong key password not detected");
+
+ } catch (final EaafException e) {
+ Assert.assertEquals("Wrong errorCode", "internal.httpclient.03", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, ClientProtocolException, IOException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+ config.setSslKeyPassword("password");
+ config.setSslKeyAlias(RandomStringUtils.randomAlphabetic(5));
+ config.setDisableHostnameValidation(true);
+ config.setFollowHttpRedirects(false);
+ config.setDisableTlsHostCertificateValidation(true);
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ //set-up mock-up web-server with SSL client authentication
+ final Pair sslClientKeyStore =
+ keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig());
+ final String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
+ final HeldCertificate localhostCertificate = new HeldCertificate.Builder()
+ .addSubjectAlternativeName(localhost)
+ .build();
+ final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
+ .addTrustedCertificate(
+ (X509Certificate) sslClientKeyStore.getFirst().getCertificate("meta"))
+ .heldCertificate(localhostCertificate)
+ .build();
+ mockWebServer = new MockWebServer();
+ mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false);
+ mockWebServer.requireClientAuth();
+ mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+ .setBody("Successful auth!"));
+ mockServerUrl = mockWebServer.url("/sp/junit");
+
+ //perform test request
+ final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString());
+ final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
+ Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
index d1887d5c..1d97b167 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
@@ -28,8 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index 147199a5..ee601c73 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -11,10 +11,10 @@ import javax.xml.parsers.ParserConfigurationException;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
index 37e4acd1..cbeca4c3 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
@@ -6,8 +6,8 @@ import java.net.URLDecoder;
import javax.xml.parsers.ParserConfigurationException;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
index 64ebe00c..3673859a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
@@ -6,7 +6,7 @@ import java.util.ArrayList;
import java.util.List;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
index 6abe52dc..27c42c57 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
@@ -5,8 +5,8 @@ import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
index accdd8b0..da417ec7 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
@@ -10,7 +10,7 @@ import java.util.List;
import javax.xml.transform.TransformerException;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
index 99552053..fa7b4eae 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -20,7 +20,7 @@
class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
+ class="at.gv.egiz.eaaf.core.impl.http.HttpClientFactory" />
diff --git a/pom.xml b/pom.xml
index 0ce897ec..773e0937 100644
--- a/pom.xml
+++ b/pom.xml
@@ -78,7 +78,7 @@
2.22.1
4.12
- 4.0.0
+ 4.4.1
1.18.10
@@ -483,6 +483,12 @@
${com.squareup.okhttp3.version}
test
+
+ com.squareup.okhttp3
+ okhttp-tls
+ ${com.squareup.okhttp3.version}
+ test
+
at.gv.egiz.eaaf
eaaf_core_utils
--
cgit v1.2.3
From 5742681b60c6f99efa0040c42e514005596ffb34 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 19 Mar 2020 15:59:15 +0100
Subject: inject authType parameter in VDA request to select a specific
authentication method
---
.../tasks/AbstractCreateQualEidRequestTask.java | 30 +++++++++++++++
.../modules/auth/sl20/utils/SL20Constants.java | 45 ++++++++++++++++++++++
2 files changed, 75 insertions(+)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
index 1d97b167..6a5e1ef0 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
@@ -1,5 +1,6 @@
package at.gv.egiz.eaaf.modules.auth.sl20.tasks;
+import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.List;
@@ -39,6 +40,7 @@ import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants.VdaAuthMethod;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
@@ -95,6 +97,15 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
final List parameters = new ArrayList<>();
parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM,
Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))));
+
+ //set specific authentication method if it was selection by process step before
+ VdaAuthMethod authMethod = getVdaAuthMethodFromContext(executionContext);
+ if (authMethod != null) {
+ log.debug("Request VDA with authType: {}", authMethod);
+ parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_METHOD_PARAM,
+ authMethod.getAuthMethod()));
+ }
+
httpReq.setEntity(new UrlEncodedFormEntity(parameters));
// build http GET request
@@ -190,6 +201,13 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
}
+ /**
+ * Get ExecutionContext parameter-key for VDA AuthMethod information.
+ *
+ * @return Key to get AuthMethod from {@link ExecutionContext}
+ */
+ protected abstract String getAuthMethodContextParamKey();
+
/**
* Create a implementation specific qualified eID SL2.0 command
*
@@ -201,6 +219,18 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
*/
protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception;
+
+ private VdaAuthMethod getVdaAuthMethodFromContext(ExecutionContext executionContext) {
+ Serializable authMethodRaw = executionContext.get(getAuthMethodContextParamKey());
+ if (authMethodRaw instanceof String) {
+ log.trace("Find authMethod parameter: {} on context", authMethodRaw);
+ return VdaAuthMethod.fromString((String) authMethodRaw);
+
+ }
+
+ return null;
+ }
+
private String extractVdaUrlForSpecificOa(final ISpConfiguration oaConfig, final ExecutionContext executionContext) {
// load SP specific config for development and testing purposes
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index 01316b9b..ec5dbf2e 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -4,6 +4,8 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import javax.annotation.Nonnull;
+
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jws.AlgorithmIdentifiers;
@@ -11,10 +13,53 @@ import org.jose4j.jws.AlgorithmIdentifiers;
public class SL20Constants {
public static final int CURRENT_SL20_VERSION = 10;
+
// http binding parameters
public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand";
public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command";
+ public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype";
+ public enum VdaAuthMethod {
+ ANY("any"), MOBILEPHONE("handy"), CARD("card");
+
+ private final String authMethod;
+
+ VdaAuthMethod(final String method) {
+ this.authMethod = method;
+ }
+
+ /**
+ * Get VDA AuthMethod.
+ *
+ * @return
+ */
+ public String getAuthMethod() {
+ return this.authMethod;
+ }
+
+ /**
+ * Get VDA authmethod from String representation.
+ *
+ * @param s authMethod parameter
+ * @return AuthMethod, or VdaAuthMethod.ANY if the parameter is unknown
+ */
+ public static VdaAuthMethod fromString(@Nonnull final String s) {
+ try {
+ return VdaAuthMethod.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return VdaAuthMethod.ANY;
+
+ }
+ }
+
+ @Override
+ public String toString() {
+ return getAuthMethod();
+
+ }
+ }
+
public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl";
public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID";
--
cgit v1.2.3
From efa9cafcc8cab417efcc8a0a610e82e7578d64fc Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 19 Mar 2020 16:07:10 +0100
Subject: codestyle problem
---
.../main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index ec5dbf2e..5c3fa705 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -19,6 +19,7 @@ public class SL20Constants {
public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command";
public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype";
+
public enum VdaAuthMethod {
ANY("any"), MOBILEPHONE("handy"), CARD("card");
--
cgit v1.2.3
From b3157cfd92685303de5aa05f05a66ec933d21266 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 19 Mar 2020 17:30:45 +0100
Subject: add 'smartphone' as parameter for authType on VDA side
---
.../java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index 5c3fa705..bfc393db 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -21,7 +21,7 @@ public class SL20Constants {
public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype";
public enum VdaAuthMethod {
- ANY("any"), MOBILEPHONE("handy"), CARD("card");
+ ANY("any"), MOBILEPHONE("handy"), CARD("card"), SMARTPHONE("smartphone");
private final String authMethod;
--
cgit v1.2.3
From a46333372c7f7b74831a19c04c93c7b6815b8f84 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 20 Mar 2020 13:50:34 +0100
Subject: add some more test cases for process-engine evaluator
---
.../impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
index 26e2e17b..7559fe85 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
@@ -69,6 +69,10 @@ public class SpringExpressionEvaluatorTest {
assertTrue(expressionEvaluator.evaluate(ctx, "'HelloWorld'.equals(@simplePojo.stringValue)"));
assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42"));
assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10"));
+
+ assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 and @simplePojo.booleanValue"));
+ assertFalse(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 and !@simplePojo.booleanValue"));
+ assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 or !@simplePojo.booleanValue"));
}
}
--
cgit v1.2.3
From 895066c1aa921204346225551525006b6d34b7c6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 20 Mar 2020 13:51:29 +0100
Subject: switch to HSM-Facade 0.4-Snapshot and fix possible race-condition
between jUnit tests
---
.../pvp2/test/AbstractSamlVerificationEngine.java | 54 +++++++++++++---------
.../pvp2/test/SamlVerificationEngineTest.java | 36 ++++++++-------
.../SamlVerificationEngineWithHsmFacadeTest.java | 10 ++--
.../pvp2/test/metadata/MetadataBuilderTest.java | 20 ++++----
pom.xml | 2 +-
5 files changed, 71 insertions(+), 51 deletions(-)
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
index d5186857..e593c1d4 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
@@ -3,28 +3,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test;
import java.util.ArrayList;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
-
+import org.apache.xml.security.algorithms.JCEMapper;
import org.joda.time.DateTime;
+import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
@@ -47,6 +28,26 @@ import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.Assert;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -72,6 +73,17 @@ public abstract class AbstractSamlVerificationEngine {
EaafOpenSaml3xInitializer.eaafInitialize();
}
+
+ /**
+ * Reset OpenSAML3.x JCEMapper to default.
+ *
+ */
+ @AfterClass
+ public static void classCloser() {
+ JCEMapper.setProviderId(null);
+
+ }
+
protected abstract String getMetadataJunitJKeystore();
protected abstract String getMetadataClassPathEntityPath();
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
index 64bfb8f6..57c4b93a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
@@ -1,22 +1,5 @@
package at.gv.egiz.eaaf.modules.pvp2.test;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
-
import org.joda.time.DateTime;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -30,12 +13,30 @@ import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.util.Assert;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@RunWith(SpringJUnit4ClassRunner.class)
@@ -43,6 +44,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
"/spring/test_eaaf_core_spring_config.beans.xml",
"/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
@Autowired
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
index 5b06a73f..926f25b2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
@@ -1,20 +1,24 @@
package at.gv.egiz.eaaf.modules.pvp2.test;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+
+//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment")
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
"/spring/test_eaaf_core_spring_config.beans.xml",
"/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_3.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine {
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 0f8817a0..8657bc60 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -14,15 +14,6 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -46,10 +37,20 @@ import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -61,6 +62,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
"/spring/test_eaaf_core_spring_config.beans.xml",
"/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class MetadataBuilderTest {
@Autowired private PvpMetadataBuilder metadataBuilder;
diff --git a/pom.xml b/pom.xml
index 773e0937..c63b31c0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,7 +43,7 @@
2.13_moa
2.13_moa
- 0.3.0
+ 0.4.0-SNAPSHOT
1.25.0
--
cgit v1.2.3
From f3792e2ffbfbf0dea3d2ede7b311acdefc1c19fd Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 20 Mar 2020 13:51:57 +0100
Subject: add JOSE header into JWS verificationresult DAO
---
.../modules/auth/sl20/data/VerificationResult.java | 10 +++++-
.../modules/auth/sl20/utils/JsonSecurityUtils.java | 37 ++++++++++++----------
2 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
index bb0c41d7..0f88e251 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
@@ -9,6 +9,7 @@ public class VerificationResult {
private Boolean validSigned = null;
private List certs = null;
+ private JsonNode header = null;
private JsonNode payload = null;
public VerificationResult(final JsonNode payload) {
@@ -19,11 +20,14 @@ public class VerificationResult {
/**
* JWS signature verification-result container.
*
+ * @param joseHeader JWS header
* @param payload JWS payload
* @param certs JWS signercertificate
* @param wasValidSigned true if signature was valid
*/
- public VerificationResult(final JsonNode payload, final List certs, final boolean wasValidSigned) {
+ public VerificationResult(final JsonNode joseHeader, final JsonNode payload,
+ final List certs, final boolean wasValidSigned) {
+ this.header = joseHeader;
this.payload = payload;
this.certs = certs;
this.validSigned = wasValidSigned;
@@ -42,4 +46,8 @@ public class VerificationResult {
return payload;
}
+ public JsonNode getJoseHeader() {
+ return header;
+
+ }
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index ccb650b3..43c44647 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -13,22 +13,6 @@ import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
-import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
-
import org.apache.commons.lang3.StringUtils;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmConstraints;
@@ -50,6 +34,22 @@ import org.springframework.util.Base64Utils;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonNode;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
+import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+
@Service
public class JsonSecurityUtils implements IJoseTools {
private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class);
@@ -230,7 +230,10 @@ public class JsonSecurityUtils implements IJoseTools {
jws.setKey(selectedKey);
// load payLoad
- return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature());
+ return new VerificationResult(
+ mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()),
+ mapper.getMapper().readTree(jws.getPayload()),
+ x5cCerts, jws.verifySignature());
}
--
cgit v1.2.3
From 3d1bb1bba3dec96d742a6f3c1dc23fb3c607d292 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 20 Mar 2020 20:44:37 +0100
Subject: set Socket timeout in ConnectionPoolManager
---
.../eaaf/core/impl/http/HttpClientFactory.java | 23 +++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
index b6e660da..58d7e7b2 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
@@ -10,13 +10,6 @@ import javax.annotation.PostConstruct;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
@@ -29,6 +22,7 @@ import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
+import org.apache.http.config.SocketConfig;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
@@ -43,6 +37,12 @@ import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.springframework.beans.factory.annotation.Autowired;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -296,7 +296,7 @@ public class HttpClientFactory implements IHttpClientFactory {
pool = new PoolingHttpClientConnectionManager();
}
-
+
pool.setDefaultMaxPerRoute(Integer.parseInt(
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE)));
@@ -304,6 +304,11 @@ public class HttpClientFactory implements IHttpClientFactory {
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL)));
+ pool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET))
+ * 1000).build());
+
builder.setConnectionManager(pool);
log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(),
pool.getDefaultMaxPerRoute());
@@ -329,7 +334,7 @@ public class HttpClientFactory implements IHttpClientFactory {
.setSocketTimeout(Integer.parseInt(
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET))
- * 1000)
+ * 1000)
.build();
return requestConfig;
--
cgit v1.2.3
From bb15852878205381898c0719d163756d6aa96e1c Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 20 Mar 2020 20:45:42 +0100
Subject: refactor SAML2 metadata signature-filter to use a TrustStore
implementation to get trusted X509 certificates
---
.../pvp2/api/utils/IPvp2CredentialProvider.java | 13 ++
.../impl/utils/AbstractCredentialProvider.java | 18 ++-
.../SimpleMetadataSignatureVerificationFilter.java | 46 ++++--
.../pvp2/test/metadata/MetadataResolverTest.java | 155 +++++++++++----------
4 files changed, 142 insertions(+), 90 deletions(-)
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
index a564efb2..acd565a1 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
@@ -1,11 +1,14 @@
package at.gv.egiz.eaaf.modules.pvp2.api.utils;
+import java.security.KeyStore;
+import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
@@ -51,5 +54,15 @@ public interface IPvp2CredentialProvider {
@Nonnull
List getTrustedCertificates()
throws CredentialsNotAvailableException;
+
+
+ /**
+ * Get the {@link KeyStore} that is used in this {@link IPvp2CredentialProvider}.
+ *
+ * @return KeyStore {@link Pair} of {@link KeyStore} and JCE {@link Provider}
+ * if a special provider is in use
+ */
+ @Nonnull
+ Pair getKeyStore();
}
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index 26a5c5f6..e17e625e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -32,6 +32,12 @@ import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.opensaml.security.credential.UsageType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -44,13 +50,6 @@ import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.opensaml.security.credential.UsageType;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ResourceLoader;
-
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -256,6 +255,11 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
}
+ public Pair getKeyStore() {
+ return keyStore;
+
+ }
+
@PostConstruct
private void initialize() throws Exception {
try {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java
index ef09e5c4..5a97924f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java
@@ -23,15 +23,14 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException;
-
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
@@ -40,13 +39,18 @@ import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataSignatureFilter {
private final String metadataUrl;
- private final List trustedCredential = new ArrayList<>();
+ private final KeyStore trustedCredential;
private static final String ERROR_07 = "internal.pvp.07";
private static final String ERROR_12 = "internal.pvp.12";
@@ -61,13 +65,13 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS
* SAML2 metadata with {@link EntitiesDescriptor} are not supported.
*
*
- * @param credentials Trust X509 certificates
+ * @param keyStore TrustStore that contains trusted X509 certificates
* @param metadataUrl Metadata URL for logging purposes
*/
- public SimpleMetadataSignatureVerificationFilter(@Nonnull List credentials,
+ public SimpleMetadataSignatureVerificationFilter(@Nonnull KeyStore keyStore,
@Nonnull String metadataUrl) {
this.metadataUrl = metadataUrl;
- this.trustedCredential.addAll(credentials);
+ this.trustedCredential = keyStore;
}
@@ -121,7 +125,7 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS
// perform cryptographic signature verification
boolean isTrusted = false;
- for (final BasicX509Credential cred : trustedCredential) {
+ for (final BasicX509Credential cred : getTrustedCertificates()) {
log.trace("Validating signature with credential: {} ... ",
cred.getEntityCertificate().getSubjectDN());
try {
@@ -140,7 +144,31 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS
throw new SamlMetadataSignatureException(metadataUrl, ERROR_MSG_SIGNOTVALID);
}
+ }
+
+ private List getTrustedCertificates() throws EaafConfigurationException {
+ try {
+ final List certs =
+ EaafKeyStoreUtils.readCertsFromKeyStore(trustedCredential);
+ if (certs.isEmpty()) {
+ log.warn("No trusted metadata-signing certificates in configuration");
+ throw new EaafConfigurationException("module.eidasauth.02",
+ new Object[] { "No trusted metadata-signing certificates" });
+
+ }
+
+ final List result = new ArrayList<>();
+ for (final X509Certificate cert : certs) {
+ result.add(new BasicX509Credential(cert));
+ }
+ return result;
+
+ } catch (final KeyStoreException e) {
+ throw new EaafConfigurationException("module.eidasauth.01",
+ new Object[] { "Trusted metadata-signing certificates", e.getMessage() }, e);
+
+ }
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
index da417ec7..1cbc2f14 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
@@ -2,6 +2,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test.metadata;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
@@ -10,21 +13,6 @@ import java.util.List;
import javax.xml.transform.TransformerException;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
@@ -68,6 +56,20 @@ import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
@@ -91,7 +93,8 @@ public class MetadataResolverTest {
private PvpMetadataResolverFactory metadataResolverFactory;
@Autowired
private IHttpClientFactory httpClientFactory;
- @Autowired private DummyCredentialProvider credentialProvider;
+ @Autowired
+ private DummyCredentialProvider credentialProvider;
/**
* JUnit class initializer.
@@ -183,16 +186,15 @@ public class MetadataResolverTest {
}
@Test
- public void noCredentials() {
+ public void noCredentials() throws KeyStoreException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List credentials = new ArrayList<>();
-
+ final KeyStore keystore = KeyStore.getInstance("JKS");
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
@@ -212,20 +214,21 @@ public class MetadataResolverTest {
}
@Test
- public void wrongCredentials() throws CertificateException {
+ public void wrongCredentials() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
final BasicX509Credential credential = new BasicX509Credential((X509Certificate) fact.generateCertificate(
MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
- credentials.add(credential);
+ keystore.setCertificateEntry("1", credential.getEntityCertificate());
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
@@ -246,21 +249,22 @@ public class MetadataResolverTest {
@Test
public void validCredentialsInvalidSig() throws CertificateException, Pvp2MetadataException,
- ResolverException {
+ ResolverException, KeyStoreException, NoSuchAlgorithmException, IOException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
@@ -281,7 +285,8 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentials() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
mockWebServer.shutdown();
mockWebServer = new MockWebServer();
@@ -300,19 +305,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -332,7 +338,8 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentialsSecond() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
@@ -347,19 +354,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -370,8 +378,6 @@ public class MetadataResolverTest {
mockServerUrl.url().toString(),
filterChain, "jUnit test", httpClientFactory.getHttpClient());
-
-
final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID());
Assert.assertNotNull("No EntityDescripter", descr);
@@ -385,11 +391,13 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentialsThird() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
- MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
+ MetadataResolverTest.class.getResourceAsStream(
+ "/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
metadata.setValidUntil(DateTime.now().plusDays(1));
metadata.setSignature(null);
metadata.setEntityID(RandomStringUtils.randomAlphabetic(10));
@@ -400,19 +408,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -423,8 +432,6 @@ public class MetadataResolverTest {
mockServerUrl.url().toString(),
filterChain, "jUnit test", httpClientFactory.getHttpClient());
-
-
final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID());
Assert.assertNotNull("No EntityDescripter", descr);
@@ -438,7 +445,8 @@ public class MetadataResolverTest {
@Test
public void metadataExpired() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
@@ -452,24 +460,24 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new RequiredValidUntilFilter());
filterList.add(new PvpEntityCategoryFilter(false));
-
final MetadataFilterChain filterChain = new MetadataFilterChain();
filterChain.setFilters(filterList);
@@ -484,7 +492,6 @@ public class MetadataResolverTest {
}
-
}
@Test
--
cgit v1.2.3
From b8117498ba6227248d9e10d960298530ff30bcf8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 24 Mar 2020 15:58:03 +0100
Subject: some small changes
---
checks/egiz_checks.xml | 16 ++++++----------
.../idp/conf/AbstractSpringBootConfigurationImpl.java | 10 +++++-----
eaaf_core_utils/pom.xml | 7 +++++++
3 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/checks/egiz_checks.xml b/checks/egiz_checks.xml
index 6a8e68ef..ad0be35e 100644
--- a/checks/egiz_checks.xml
+++ b/checks/egiz_checks.xml
@@ -1,13 +1,12 @@
-
+
@@ -20,9 +19,6 @@ Checkstyle configuration that checks the Google coding conventions from Google J
-
@@ -180,9 +176,7 @@ Checkstyle configuration that checks the Google coding conventions from Google J
-
-
-
+
@@ -204,6 +198,8 @@ Checkstyle configuration that checks the Google coding conventions from Google J
+
+
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
index 5dcbcb7e..708ef399 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
@@ -28,10 +28,6 @@ import java.util.Map.Entry;
import javax.annotation.PostConstruct;
-import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
-
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -42,6 +38,10 @@ import org.springframework.core.env.EnumerablePropertySource;
import org.springframework.core.env.Environment;
import org.springframework.core.env.PropertySource;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
public abstract class AbstractSpringBootConfigurationImpl implements IConfigurationWithSP {
private static final Logger log = LoggerFactory.getLogger(AbstractSpringBootConfigurationImpl.class);
@@ -114,7 +114,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat
return new URI(env.getRequiredProperty(addPrefixToKey(PROP_CONFIG_ROOT_DIR)));
} catch (IllegalStateException | URISyntaxException e) {
- log.warn("ConfigRootDirectory is NOT set");
+ log.warn("ConfigRootDirectory is NOT set", e);
return null;
}
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index 681152f7..7cf6a266 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -79,6 +79,13 @@
joda-time
joda-time
+
+
+
+ org.springframework
+ spring-webmvc
+ provided
+
javax.servlet
javax.servlet-api
--
cgit v1.2.3
From 1044640c80e6586192e14635ae5a65d2f6524dc8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 24 Mar 2020 19:51:58 +0100
Subject: fix dependency problems with different Java Spring versions
---
eaaf_core/pom.xml | 1 +
eaaf_modules/eaaf_module_auth_sl20/pom.xml | 6 +++++-
eaaf_modules/eaaf_module_moa-sig/pom.xml | 7 ++++++-
eaaf_modules/eaaf_module_pvp2_core/pom.xml | 6 ++++++
eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 6 +++++-
eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 6 +++++-
pom.xml | 2 +-
7 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index f41463df..520884ea 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -37,6 +37,7 @@
org.springframework
spring-webmvc
+ provided
org.slf4j
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index 9b237b78..482596a2 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -42,7 +42,11 @@
com.fasterxml.jackson.core
jackson-databind
-
+
+ org.springframework
+ spring-webmvc
+ provided
+
javax.servlet
javax.servlet-api
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index b9dd49f6..eb2cdae8 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -59,7 +59,12 @@
at.gv.egiz.eaaf
eaaf_core_api
-
+
+ org.springframework
+ spring-webmvc
+ provided
+
+
joda-time
joda-time
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index 32d66501..efc359aa 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -47,6 +47,12 @@
bcprov-jdk15on
+
+ org.springframework
+ spring-webmvc
+ provided
+
+
javax.servlet
javax.servlet-api
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index cf833f67..b570c88a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -19,7 +19,11 @@
eaaf_module_pvp2_core
${egiz.eaaf.version}
-
+
+ org.springframework
+ spring-webmvc
+ provided
+
javax.servlet
javax.servlet-api
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index b936f307..cf2ac340 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -25,7 +25,11 @@
-
+
+ org.springframework
+ spring-webmvc
+ provided
+
javax.servlet
javax.servlet-api
diff --git a/pom.xml b/pom.xml
index c63b31c0..735c7b3d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
0.4
- 0.3
+ 0.3.1
3.1.2
2.0.2
--
cgit v1.2.3
From 726e0837ca6cd9586f8b85aceca91487a9105216 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 25 Mar 2020 17:36:14 +0100
Subject: some codestyle changes
---
.../eaaf/core/test/http/HttpClientFactoryTest.java | 25 +++++++++++-----------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
index b2f0f80e..25bd3008 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
@@ -8,12 +8,6 @@ import java.security.KeyStoreException;
import java.security.Provider;
import java.security.cert.X509Certificate;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
@@ -29,6 +23,11 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import okhttp3.HttpUrl;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
@@ -110,7 +109,8 @@ public class HttpClientFactoryTest {
}
@Test
- public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, IOException, InterruptedException {
+ public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException,
+ IOException, InterruptedException {
final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
config.setAuthMode("password");
config.setUsername("jUnit");
@@ -143,7 +143,7 @@ public class HttpClientFactoryTest {
}
@Test
- public void getCustomClientBasicAuthNoUsername(){
+ public void getCustomClientBasicAuthNoUsername() {
final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
config.setAuthMode("password");
try {
@@ -168,7 +168,7 @@ public class HttpClientFactoryTest {
}
@Test
- public void getCustomClientX509AuthNoKeyStoreConfig(){
+ public void getCustomClientX509AuthNoKeyStoreConfig() {
final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
config.setAuthMode("ssl");
try {
@@ -182,7 +182,7 @@ public class HttpClientFactoryTest {
}
@Test
- public void getCustomClientX509AuthNoKeyPassword() throws EaafException{
+ public void getCustomClientX509AuthNoKeyPassword() throws EaafException {
final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
config.setAuthMode("ssl");
config.buildKeyStoreConfig(
@@ -261,7 +261,7 @@ public class HttpClientFactoryTest {
}
@Test
- public void getCustomClientX509AuthWrongKeyPassword() throws EaafException{
+ public void getCustomClientX509AuthWrongKeyPassword() throws EaafException {
final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
config.setAuthMode("ssl");
config.buildKeyStoreConfig(
@@ -283,7 +283,8 @@ public class HttpClientFactoryTest {
}
@Test
- public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, ClientProtocolException, IOException {
+ public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException,
+ ClientProtocolException, IOException {
final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
config.setAuthMode("ssl");
config.buildKeyStoreConfig(
--
cgit v1.2.3
From a382287bb7f061bb2a26c095e8e17b324efcb4cf Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 26 Mar 2020 12:36:36 +0100
Subject: fix codestyle
---
.../gv/egiz/eaaf/core/api/utils/IJsonMapper.java | 4 ++
.../impl/idp/process/ExecutionContextImpl.java | 2 +
.../springweb/SpringWebExpressionEvaluator.java | 2 +-
.../at/gv/egiz/eaaf/core/impl/utils/DomUtils.java | 3 +
.../impl/idp/auth/EaafCoreMessageSourceTest.java | 8 +--
.../spring/test/SpringExpressionEvaluatorTest.java | 9 ++-
.../java/at/gv/egiz/eaaf/core/api/IRequest.java | 8 ++-
.../egiz/eaaf/core/api/idp/IAttributeBuilder.java | 4 +-
.../eaaf/core/api/idp/IAttributeGenerator.java | 8 +--
.../at/gv/egiz/eaaf/core/api/idp/IAuthData.java | 3 +-
.../gv/egiz/eaaf/core/api/idp/IConfiguration.java | 8 +--
.../eaaf/core/api/idp/IConfigurationWithSP.java | 7 ++-
.../idp/auth/data/IAuthProcessDataContainer.java | 3 +
.../eaaf/core/api/storage/ITransactionStorage.java | 6 +-
.../auth/sl20/utils/SL20JsonBuilderUtils.java | 1 +
.../auth/sl20/utils/SL20JsonExtractorUtils.java | 2 +
.../pvp2/impl/builder/CitizenTokenBuilder.java | 6 +-
.../impl/metadata/PvpMetadataResolverFactory.java | 19 ++++---
.../pvp2/test/PvpCoreMessageSourceTest.java | 8 +--
.../modules/pvp2/test/binding/PostBindingTest.java | 65 +++++++++++-----------
.../pvp2/test/metadata/MetadataBuilderTest.java | 3 +-
.../pvp2/idp/test/AuthenticationActionTest.java | 1 +
.../modules/pvp2/idp/test/MetadataActionTest.java | 1 +
23 files changed, 108 insertions(+), 73 deletions(-)
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
index a7e4f6fe..b3e0c88f 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
@@ -3,6 +3,8 @@ package at.gv.egiz.eaaf.core.api.utils;
import java.io.IOException;
import java.io.InputStream;
+import com.google.gson.JsonParseException;
+
import at.gv.egiz.eaaf.core.exceptions.EaafJsonMapperException;
public interface IJsonMapper {
@@ -23,6 +25,7 @@ public interface IJsonMapper {
* @param value the JSON string to deserialize
* @param clazz optional parameter that determines the type of the returned
* object. If not set, an {@link Object} is returned.
+ * @param Response class type
* @return the deserialized JSON string as an object of type {@code clazz} or
* {@link Object}
* @throws JsonParseException if the JSON string contains invalid content.
@@ -39,6 +42,7 @@ public interface IJsonMapper {
* @param is the JSON to deserialize as {@link InputStream}
* @param clazz optional parameter that determines the type of the returned
* object. If not set, an {@link Object} is returned.
+ * @param Response class type
* @return the deserialized JSON string as an object of type {@code clazz} or
* {@link Object}
* @throws JsonParseException if the JSON string contains invalid content.
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
index 27bc829d..3eff8a7b 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
@@ -52,6 +52,8 @@ public class ExecutionContextImpl implements ExecutionContext {
/**
* Creates a new instance and associated it with a certain process instance.
+ *
+ * @param processInstanceId ProcessInstanceId for this execution context.
*/
public ExecutionContextImpl(final String processInstanceId) {
this.processInstanceId = processInstanceId;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
index afcc0a58..9ef88679 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
@@ -95,7 +95,7 @@ public class SpringWebExpressionEvaluator implements ExpressionEvaluator {
* @param delegate The original {@link ExpressionEvaluationContext} to be
* delegated to for {@code ctx['foo']} expressions.
*/
- public SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) {
+ SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) {
this.delegate = delegate;
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
index e1a02c64..01b063aa 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
@@ -239,6 +239,7 @@ public class DomUtils {
* the same way it is accepted by the
* xsi:noNamespaceSchemaLocation
* attribute.
+ * @param parserFeatures {@link Map} of features for XML parser
* @return The parsed XML document as a DOM tree.
* @throws SAXException An error occurred parsing the document.
* @throws IOException An error occurred reading the document.
@@ -350,6 +351,7 @@ public class DomUtils {
* decide what to do with parsing
* errors. If null
, it
* will not be set.
+ * @param parserFeatures {@link Map} of features for XML parser
* @return The parsed XML document as a DOM tree.
* @throws SAXException An error occurred parsing the document.
* @throws IOException An error occurred reading the document.
@@ -622,6 +624,7 @@ public class DomUtils {
* the same way it is accepted by the
* xsi:noNamespaceSchemaLocation
* attribute.
+ * @param entityResolver external entity resolver implemention
* @return true
, if the element
validates against the
* schemas declared in it.
* @throws SAXException An error occurred parsing the document.
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java
index a354b873..2fd25478 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java
@@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.core.impl.idp.auth;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
-
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -13,10 +11,12 @@ import org.springframework.core.io.ResourceLoader;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({ "/eaaf_core.beans.xml",
- "/SpringTest-context_eaaf_core.xml",
- "/SpringTest-context_authManager.xml"})
+ "/SpringTest-context_eaaf_core.xml",
+ "/SpringTest-context_authManager.xml"})
public class EaafCoreMessageSourceTest {
@Autowired
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
index 7559fe85..4aa32360 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
@@ -70,9 +70,12 @@ public class SpringExpressionEvaluatorTest {
assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42"));
assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10"));
- assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 and @simplePojo.booleanValue"));
- assertFalse(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 and !@simplePojo.booleanValue"));
- assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10 or !@simplePojo.booleanValue"));
+ assertTrue(expressionEvaluator.evaluate(ctx,
+ "@simplePojo.stringValue.length() == 10 and @simplePojo.booleanValue"));
+ assertFalse(expressionEvaluator.evaluate(ctx,
+ "@simplePojo.stringValue.length() == 10 and !@simplePojo.booleanValue"));
+ assertTrue(expressionEvaluator.evaluate(ctx,
+ "@simplePojo.stringValue.length() == 10 or !@simplePojo.booleanValue"));
}
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
index 99541cd6..384446b8 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
@@ -87,9 +87,10 @@ public interface IRequest extends Serializable {
*
* @param key The specific identifier of the request-data object
* @param clazz The class type which is stored with this key
+ * @param Response class type
* @return The request-data object or null if no data is found with this key
*/
- T getRawData(String key, final Class clazz);
+ T getRawData(String key, Class clazz);
/**
* Store a generic data-object into pending request with a specific identifier.
@@ -115,6 +116,7 @@ public interface IRequest extends Serializable {
* Wrap the internal dataStorage map into a DAO.
*
* @param wrapper DOA to access SessionData
+ * @param Response class type
* @return
*/
@Nonnull
@@ -241,9 +243,11 @@ public interface IRequest extends Serializable {
/**
* Get get Service-Provider configuration which is associated with this request.
*
+ * @param decorator Interface of the Service-Provider information DAO
+ * @param Response class type
* @return Service-Provider configuration as object
*/
- T getServiceProviderConfiguration(final Class decorator);
+ T getServiceProviderConfiguration(Class decorator);
/**
* Indicates, if this pending-request is aborted by the user.
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
index 9c451282..c490bd9c 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
@@ -24,8 +24,8 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
public interface IAttributeBuilder {
String getName();
- ATT build(final ISpConfiguration oaParam, final IAuthData authData, final IAttributeGenerator g)
+ ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator g)
throws AttributeBuilderException;
- ATT buildEmpty(final IAttributeGenerator g);
+ ATT buildEmpty(IAttributeGenerator g);
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
index 072f76e6..9f3e35cc 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
@@ -28,11 +28,11 @@ public interface IAttributeGenerator {
* @param value value
* @return
*/
- ATT buildStringAttribute(final String friendlyName, final String name, final String value);
+ ATT buildStringAttribute(String friendlyName, String name, String value);
- ATT buildIntegerAttribute(final String friendlyName, final String name, final int value);
+ ATT buildIntegerAttribute(String friendlyName, String name, int value);
- ATT buildLongAttribute(final String friendlyName, final String name, final long value);
+ ATT buildLongAttribute(String friendlyName, String name, long value);
- ATT buildEmptyAttribute(final String friendlyName, final String name);
+ ATT buildEmptyAttribute(String friendlyName, String name);
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
index ca946496..62aa8852 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
@@ -166,9 +166,10 @@ public interface IAuthData {
*
* @param key Identifier for the generic data
* @param clazz Type of the generic data
+ * @param Response class type
* @return return the generic data of specific type, otherwise null
*/
- T getGenericData(String key, final Class clazz);
+ T getGenericData(String key, Class clazz);
/**
* Get bPK of the user.
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
index b9ba9869..a4914f16 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
@@ -29,7 +29,7 @@ public interface IConfiguration {
* @param key configuration key
* @return configuration value or null if it is not found
*/
- String getBasicConfiguration(final String key);
+ String getBasicConfiguration(String key);
/**
* Get a configuration value from file based configuration.
@@ -38,7 +38,7 @@ public interface IConfiguration {
* @param defaultValue Default value if no value with this key is found
* @return configuration value
*/
- String getBasicConfiguration(final String key, final String defaultValue);
+ String getBasicConfiguration(String key, String defaultValue);
/**
* Get a configuration value from file based configuration.
@@ -47,7 +47,7 @@ public interface IConfiguration {
* @return configuration value as {@link Boolean} or false
if key
* does not exist
*/
- boolean getBasicConfigurationBoolean(final String key);
+ boolean getBasicConfigurationBoolean(String key);
/**
* Get a configuration value from file based configuration.
@@ -57,7 +57,7 @@ public interface IConfiguration {
* @return configuration value as {@link Boolean} or defaultValue
* if key does not exist
*/
- boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue);
+ boolean getBasicConfigurationBoolean(String key, boolean defaultValue);
/**
* Get the root directory of the configuration folder.
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java
index 1ab27e7f..cf8867b3 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java
@@ -22,7 +22,7 @@ public interface IConfigurationWithSP extends IConfiguration {
* error
*/
@Nullable
- ISpConfiguration getServiceProviderConfiguration(final String uniqueID) throws EaafConfigurationException;
+ ISpConfiguration getServiceProviderConfiguration(String uniqueID) throws EaafConfigurationException;
/**
* Get a configuration entry for a specific Service Provider that is decorated
@@ -32,12 +32,13 @@ public interface IConfigurationWithSP extends IConfiguration {
* @param decorator Decorator that should be used to decorate the result.
* This decorator has to be implement or extend the
* {@link ISpConfiguration} interface
+ * @param Response class type
* @return T
or null
if no SP configuration was found
* @throws EaafConfigurationException In case of a Service-Provider loading
* error
*/
@Nullable
- T getServiceProviderConfiguration(String spIdentifier, final Class decorator)
+ T getServiceProviderConfiguration(String spIdentifier, Class decorator)
throws EaafConfigurationException;
/**
@@ -49,7 +50,7 @@ public interface IConfigurationWithSP extends IConfiguration {
* @param prefix Prefix of the configuration key
* @return Map String/String without prefix, but never null
*/
- Map getBasicConfigurationWithPrefix(final String prefix);
+ Map getBasicConfigurationWithPrefix(String prefix);
/**
* Validate a URL if it it is allowed by configuration.
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
index bb1a28bf..274f3f7f 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
@@ -140,6 +140,8 @@ public interface IAuthProcessDataContainer {
/**
* Mark that the auth. process was done by an official representatives
+ *
+ * @param isOW Mark this data as Organwalter
*
*/
void setOW(boolean isOW);
@@ -182,6 +184,7 @@ public interface IAuthProcessDataContainer {
*
* @param key The specific identifier of the session-data object
* @param clazz The class type which is stored with this key
+ * @param Response class type
* @return The session-data object or null if no data is found with this key
*/
T getGenericDataFromSession(String key, Class clazz);
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java
index 754ff9ac..f80fc967 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java
@@ -70,10 +70,11 @@ public interface ITransactionStorage {
*
* @param key Id which identifiers the data object
* @param clazz The class type which is stored with this key
+ * @param Response class type
* @return The transaction-data object from type class, or null
* @throws EaafStorageException In case of load operation failed
*/
- T get(String key, final Class clazz) throws EaafException;
+ T get(String key, Class clazz) throws EaafException;
/**
* Get a data object from transaction storage.
@@ -81,10 +82,11 @@ public interface ITransactionStorage {
* @param key Id which identifiers the data object
* @param clazz The class type which is stored with this key
* @param dataTimeOut Data-object timeout in [ms]
+ * @param Response class type
* @return The transaction-data object from type class, or null
* @throws EaafStorageException In case of load operation failed
*/
- T get(String key, final Class clazz, long dataTimeOut) throws EaafException;
+ T get(String key, Class clazz, long dataTimeOut) throws EaafException;
/**
* Change the key of a data object and store it under the new key.
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
index eb17781b..d76f4aad 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
@@ -105,6 +105,7 @@ public class SL20JsonBuilderUtils {
* @param name commando name
* @param result commando result
* @param encryptedResult encrypted commando result
+ * @param signer {@link JsonSecurityUtils} implementation
* @return JWS in serialized form
* @throws SlCommandoBuildException in case of an error
*
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
index eb6de461..40ea0430 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
@@ -63,6 +63,7 @@ public class SL20JsonExtractorUtils {
* @param input JSON
* @param keyID Element identifier
* @param isRequired true, if the element must not null
+ * @param defaultValue in case of no existing element with key
* @return Boolean
* @throws SlCommandoParserException In case of an error
*/
@@ -269,6 +270,7 @@ public class SL20JsonExtractorUtils {
*
* @param container JSON
* @param joseTools JWS implementation
+ * @param mustBeSigned Throw an error if the result was not signed
* @return Signature verification result that contains the payLoad
* @throws SlCommandoParserException In case of an error
*/
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
index bf201803..1d6e3738 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
@@ -19,8 +19,6 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.schema.XSInteger;
@@ -30,6 +28,8 @@ import org.opensaml.core.xml.schema.impl.XSStringBuilder;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeValue;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
/**
* Build all attributes from PVP2 citizen-token.
*
@@ -73,6 +73,7 @@ public class CitizenTokenBuilder {
* Build simple attribute.
*
* @param friendlyName attribute friendly-name
+ * @param name attribute name
* @param value Attributevalue
* @return XML attribute
*/
@@ -89,6 +90,7 @@ public class CitizenTokenBuilder {
* Build simple attribute.
*
* @param friendlyName attribute friendly-name
+ * @param name attribute name
* @param value Attributevalue
* @return XML attribute
*/
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
index 0b505e56..d29f1a0e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
@@ -8,15 +8,6 @@ import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
import javax.net.ssl.SSLHandshakeException;
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
-
import org.apache.http.client.HttpClient;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver;
@@ -30,6 +21,15 @@ import org.springframework.core.io.ResourceLoader;
import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
+
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
@@ -90,6 +90,7 @@ public class PvpMetadataResolverFactory implements IDestroyableObject {
* @param filter Filters, which should be used to validate the
* metadata
* @param idForLogging Id, which is used for Logging
+ * @param pool XML parser-pool to parse SAML2 Metadaten
* @param httpClient Apache commons 4.x http client
*
* @return SAML2 Metadata Provider, or null if the metadata provider can not
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
index b94ed8cc..88106e5b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
@@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.modules.pvp2.test;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
-
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -14,10 +12,12 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-"/spring/test_eaaf_core_spring_config.beans.xml",
-"/spring/eaaf_utils.beans.xml" })
+ "/spring/test_eaaf_core_spring_config.beans.xml",
+ "/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
public class PvpCoreMessageSourceTest {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index ee601c73..2449c73c 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -9,33 +9,6 @@ import java.util.Map;
import javax.xml.parsers.ParserConfigurationException;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
@@ -69,6 +42,32 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
import net.shibboleth.utilities.java.support.net.URIComparator;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -357,7 +356,8 @@ public class PostBindingTest {
@Test
public void decodeRequestSuccessWithRequestAttributes() throws MessageDecodingException, SecurityException,
- IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException {
+ IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException,
+ UnmarshallingException, MarshallingException {
final String serviceUrl = "https://eidas-test.bmi.gv.at/ms_connector/pvp/post";
final String relayState = RandomStringUtils.randomAlphanumeric(10);
@@ -369,7 +369,8 @@ public class PostBindingTest {
issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/");
authnReq.setIssuer(issuer);
- final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
+ final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(
+ authnReq, credentialProvider.getMessageSigningCredential(), true);
final Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn);
final String b64AuthnReq =
Base64.getEncoder().encodeToString(SerializeSupport.nodeToString(signedElement).getBytes("UTF-8"));
@@ -404,7 +405,8 @@ public class PostBindingTest {
Assert.assertEquals("extension child size", 1, parsedAuthnReq.getExtensions().getUnknownXMLObjects().size());
final XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0);
- org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
+ org.springframework.util.Assert.isInstanceOf(
+ EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
final EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs;
Assert.assertNotNull("Req attr is null", eaafReqAttrs.getAttributes());
Assert.assertFalse("Req attr is empty", eaafReqAttrs.getAttributes().isEmpty());
@@ -418,7 +420,8 @@ public class PostBindingTest {
Assert.assertEquals("Req. Attr. Value size", 1, eaafReqAttr.getAttributeValues().size());
org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0),
"Wrong requested Attributes Value type");
- Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF", ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
+ Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF",
+ ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 8657bc60..5b09d50d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -159,7 +159,8 @@ public class MetadataBuilderTest {
return entity;
}
- public static IPvpMetadataBuilderConfiguration idpMetadataConfig(IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) {
+ public static IPvpMetadataBuilderConfiguration idpMetadataConfig(
+ IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) {
return new IPvpMetadataBuilderConfiguration() {
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
index a88fa869..df5c15f8 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
@@ -39,6 +39,7 @@ public class AuthenticationActionTest {
protected MockHttpServletRequest httpReq;
protected MockHttpServletResponse httpResp;
private PvpSProfilePendingRequest pendingReq;
+
/**
* JUnit class initializer.
*
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java
index 8436a43d..51b4eaef 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java
@@ -35,6 +35,7 @@ public class MetadataActionTest {
protected MockHttpServletRequest httpReq;
protected MockHttpServletResponse httpResp;
private TestRequestImpl pendingReq;
+
/**
* JUnit class initializer.
*
--
cgit v1.2.3
From c7bcb18c30f1a80e23c53bb72bee13d93210041b Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 26 Mar 2020 16:47:40 +0100
Subject: some more editorial changes
---
.../impl/idp/auth/data/AuthProcessDataWrapper.java | 10 ++++-----
.../test/credentials/EaafKeyStoreFactoryTest.java | 24 +++++++++++-----------
.../modules/pvp2/test/QaaLevelVerifierTest.java | 20 +++++++++---------
.../modules/pvp2/test/binding/PostBindingTest.java | 4 +++-
.../pvp2/test/dummy/DummyCredentialProvider.java | 9 ++++++--
.../pvp2/test/metadata/MetadataBuilderTest.java | 8 ++++++++
6 files changed, 45 insertions(+), 30 deletions(-)
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
index 30144546..8eef4a8e 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
@@ -28,21 +28,21 @@ import java.util.TimeZone;
import javax.annotation.Nullable;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
public class AuthProcessDataWrapper
implements IAuthProcessDataContainer, EaafAuthProcessDataConstants {
private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class);
- public final static String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
+ public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
protected Map authProcessData;
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index ed2e159b..cefb1e7e 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -7,17 +7,6 @@ import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.List;
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
-
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.Before;
@@ -35,6 +24,17 @@ import com.google.common.base.Optional;
import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
+
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
import io.grpc.StatusRuntimeException;
@RunWith(SpringJUnit4ClassRunner.class)
@@ -325,7 +325,7 @@ public class EaafKeyStoreFactoryTest {
keyStore.getFirst(), "notexist", "password".toCharArray(), false, "jUnit test");
Assert.assertNull("Credential 3", privCred3);
- //read priv. key
+ //read priv. key
final Pair privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore.getFirst(), "meta", "wrong".toCharArray(), false, "jUnit test");
Assert.assertNull("Credential 3", privCred4);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
index 44cdf111..c2530004 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
@@ -27,7 +27,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
try {
@@ -35,7 +35,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -54,7 +54,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -69,7 +69,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode);
@@ -80,7 +80,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -95,7 +95,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
try {
@@ -103,7 +103,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode);
@@ -113,7 +113,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -128,7 +128,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode);
@@ -139,7 +139,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index 2449c73c..f14a9093 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -457,7 +457,9 @@ public class PostBindingTest {
try {
Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
- } catch (final RuntimeException e) { }
+ } catch (final RuntimeException e) {
+ Assert.assertNotNull("No errorMsg", e.getMessage());
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
index 7418e1b3..1fe9afcf 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
@@ -1,13 +1,13 @@
package at.gv.egiz.eaaf.modules.pvp2.test.dummy;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import org.springframework.beans.factory.annotation.Autowired;
-
public class DummyCredentialProvider extends AbstractCredentialProvider {
@Autowired IConfiguration basicConfig;
@@ -49,6 +49,11 @@ public class DummyCredentialProvider extends AbstractCredentialProvider {
}
+ /**
+ * Get Path to keystore.
+ *
+ * @return
+ */
public String getKeyStoreFilePath() {
final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH);
return path;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 5b09d50d..3cc0a908 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -159,6 +159,14 @@ public class MetadataBuilderTest {
return entity;
}
+ /**
+ * Dummy Metadata builder configuration.
+ *
+ * @param credentialProvider Credentialprovider
+ * @param buildSpInfos Sp metadata flag
+ * @param buildIdpInfos IDP metadata flag
+ * @return
+ */
public static IPvpMetadataBuilderConfiguration idpMetadataConfig(
IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) {
return new IPvpMetadataBuilderConfiguration() {
--
cgit v1.2.3
From fc360a112b7e4714edde1ad9bd44f6397b4e7449 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 31 Mar 2020 17:36:53 +0200
Subject: switch internal wbPK target-identifier for FN, ZVR, and ERSB to XFN,
XZVR, and XERSB
---
.../eaaf/core/impl/idp/AuthenticationData.java | 12 +-
.../builder/AbstractAuthenticationDataBuilder.java | 40 +--
.../core/impl/idp/auth/builder/BpkBuilder.java | 159 ++++++----
.../builder/attributes/BpkAttributeBuilder.java | 4 +
.../attributes/EidSectorForIdAttributeBuilder.java | 5 +-
.../idp/auth/AuthenticationDataBuilderTest.java | 110 +++++++
.../attributes/AbstractAttributeBuilderTest.java | 2 +-
.../auth/attributes/BpkAttributeBuilderTest.java | 123 ++++++++
.../EidSectorForIdAttributeBuilderTest.java | 123 ++++++++
.../core/impl/idp/auth/builder/BpkBuilderTest.java | 333 +++++++++++++++++++++
.../gv/egiz/eaaf/core/api/data/EaafConstants.java | 32 ++
11 files changed, 859 insertions(+), 84 deletions(-)
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java
create mode 100644 eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
index 7b7aaa36..677e3c46 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
@@ -27,15 +27,16 @@ import java.util.Date;
import java.util.Map;
import java.util.TimeZone;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-
import org.apache.commons.collections4.map.HashedMap;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
+
/**
* Service-Provider specific authentication data.
*
@@ -293,7 +294,8 @@ public class AuthenticationData implements IAuthData, Serializable {
*/
@Deprecated
public void setBpkType(final String bpkType) {
- this.bpkType = bpkType;
+ this.bpkType = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(bpkType);
+
}
@Override
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index 75b14489..c2f85fef 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -26,6 +26,17 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.Map.Entry;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+import org.springframework.util.Assert;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
@@ -49,17 +60,6 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.NonNull;
-import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder {
private static final Logger log =
LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class);
@@ -726,21 +726,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
if (StringUtils.isNotEmpty(pvpBpkTypeAttr)) {
- // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal
- // implementations
- // if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) &&
- // !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(),
- // EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) {
- // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + "
- // Starting
- // attribute value correction ... ");
- // pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" +
- // pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1);
- //
- // }
- log.debug(
- "Find PVP-Attr: " + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
- return pvpBpkTypeAttr;
+ log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
+ return BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(pvpBpkTypeAttr);
+
}
return null;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
index a613bd56..bb8355ad 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
@@ -25,20 +25,22 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Date;
+import java.util.Map.Entry;
+import javax.annotation.Nullable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.util.Base64Utils;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.extern.slf4j.Slf4j;
+
/**
* Builder for the bPK, as defined in
@@ -47,9 +49,9 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
* "reference.e-government.gv.at"
.
*
*/
+@Slf4j
public class BpkBuilder {
- private static final Logger log = LoggerFactory.getLogger(BpkBuilder.class);
-
+
/**
* Calculates an area specific unique person-identifier from a baseID.
*
@@ -100,12 +102,17 @@ public class BpkBuilder {
if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) {
log.trace("Find baseID. Starting unique identifier caluclation for this target");
- if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)
- || targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
- log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier);
+ if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)) {
+ log.trace("Calculate bPK identifier for target: " + targetIdentifier);
return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier),
targetIdentifier);
+ } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+ log.trace("Calculate wbPK identifier for target: " + targetIdentifier);
+ return Pair.newInstance(calculatebPKwbPK(
+ baseID + "+" + normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)),
+ normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier));
+
} else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
log.trace("Calculate eIDAS identifier for target: " + targetIdentifier);
final String[] splittedTarget = targetIdentifier.split("\\+");
@@ -144,51 +151,7 @@ public class BpkBuilder {
}
}
- /**
- * Builds the eIDAS from the given parameters.
- *
- * @param baseId baseID of the citizen
- * @param baseIdType Type of the baseID
- * @param sourceCountry CountryCode of that country, which build the eIDAs
- * ID
- * @param destinationCountry CountryCode of that country, which receives the
- * eIDAs ID
- *
- * @return Pair eIDAs/bPKType in a BASE64 encoding
- * @throws EaafBuilderException if some input data are not valid
- */
- private static Pair buildEidasIdentifer(final String baseId,
- final String baseIdType, final String sourceCountry, final String destinationCountry)
- throws EaafBuilderException {
- String bpk = null;
- String bpkType = null;
- // check if we have been called by public sector application
- if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) {
- bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry;
- log.debug("Building eIDAS identification from: [identValue]+" + bpkType);
- bpk = calculatebPKwbPK(baseId + "+" + bpkType);
-
- } else { // if not, sector identification value is already calculated by BKU
- log.debug("eIDAS eIdentifier already provided by BKU");
- bpk = baseId;
- }
-
- if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry)
- || StringUtils.isEmpty(destinationCountry)) {
- throw new EaafBuilderException("builder.00",
- new Object[] { "eIDAS-ID",
- "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
- + destinationCountry + ", Ursprungsland=" + sourceCountry },
- "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
- + destinationCountry + ", Ursprungsland=" + sourceCountry);
- }
-
- log.trace("eIDAS pseudonym generation finished. ");
- final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk;
-
- return Pair.newInstance(eIdentifier, bpkType);
- }
/**
* Create an encrypted bPK.
@@ -264,6 +227,100 @@ public class BpkBuilder {
}
}
+ /**
+ * Normalize wbPK target identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB.
+ *
+ * If the target is not of this types the target will be returned as it is
+ * @param targetIdentifier bPK input target
+ * @return XFN, XZVR, XERSB, or targetIdentfier if no normalization is required
+ */
+ @Nullable
+ public static String normalizeBpkTargetIdentifierToCommonFormat(@Nullable String targetIdentifier) {
+ if (targetIdentifier != null
+ && !targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X)) {
+ for (Entry mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
+ if (targetIdentifier.startsWith(mapper.getValue())) {
+ String wbpkTarget = mapper.getKey() + targetIdentifier.substring(mapper.getValue().length());
+ log.trace("Normalize wbPK target: {} to {}", targetIdentifier, wbpkTarget);
+ return wbpkTarget;
+
+ }
+ }
+ }
+
+ return targetIdentifier;
+ }
+
+ /**
+ * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, ZVR, and ERSB.
+ *
+ * If the target is not of this types the target will be returned as it is
+ *
+ * @param targetIdentifier bPK input target
+ * @return FN, ZVR, ERSB, or targetIdentfier if no normalization is required
+ */
+ @Nullable
+ public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String targetIdentifier) {
+ if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+ for (Entry mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
+ if (targetIdentifier.startsWith(mapper.getKey())) {
+ String wbpkTarget = mapper.getValue() + targetIdentifier.substring(mapper.getKey().length());
+ log.trace("Find new wbPK target: {}. Replace it by: {}", targetIdentifier, wbpkTarget);
+ return wbpkTarget;
+
+ }
+ }
+ }
+
+ return targetIdentifier;
+ }
+
+ /**
+ * Builds the eIDAS from the given parameters.
+ *
+ * @param baseId baseID of the citizen
+ * @param baseIdType Type of the baseID
+ * @param sourceCountry CountryCode of that country, which build the eIDAs
+ * ID
+ * @param destinationCountry CountryCode of that country, which receives the
+ * eIDAs ID
+ *
+ * @return Pair eIDAs/bPKType in a BASE64 encoding
+ * @throws EaafBuilderException if some input data are not valid
+ */
+ private static Pair buildEidasIdentifer(final String baseId,
+ final String baseIdType, final String sourceCountry, final String destinationCountry)
+ throws EaafBuilderException {
+ String bpk = null;
+ String bpkType = null;
+
+ // check if we have been called by public sector application
+ if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) {
+ bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry;
+ log.debug("Building eIDAS identification from: [identValue]+" + bpkType);
+ bpk = calculatebPKwbPK(baseId + "+" + bpkType);
+
+ } else { // if not, sector identification value is already calculated by BKU
+ log.debug("eIDAS eIdentifier already provided by BKU");
+ bpk = baseId;
+ }
+
+ if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry)
+ || StringUtils.isEmpty(destinationCountry)) {
+ throw new EaafBuilderException("builder.00",
+ new Object[] { "eIDAS-ID",
+ "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+ + destinationCountry + ", Ursprungsland=" + sourceCountry },
+ "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+ + destinationCountry + ", Ursprungsland=" + sourceCountry);
+ }
+
+ log.trace("eIDAS pseudonym generation finished. ");
+ final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk;
+
+ return Pair.newInstance(eIdentifier, bpkType);
+ }
+
private static String calculatebPKwbPK(final String basisbegriff) throws EaafBuilderException {
try {
final MessageDigest md = MessageDigest.getInstance("SHA-1");
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
index 172d74a7..e18cc1a8 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
@@ -84,12 +84,16 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder {
Assert.isTrue(type != null, "bPKType is 'NULL'");
if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
return type.substring(EaafConstants.URN_PREFIX_WBPK.length());
+
} else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {
return type.substring(EaafConstants.URN_PREFIX_CDID.length());
+
} else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
return type.substring(EaafConstants.URN_PREFIX_EIDAS.length());
+
} else {
return type;
+
}
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java
index 3aedf9ab..48d7a3a3 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java
@@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
@PvpMetadata
public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder {
@@ -46,7 +47,9 @@ public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder {
}
return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
+ EID_SECTOR_FOR_IDENTIFIER_NAME,
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(bpktype));
+
}
@Override
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java
index 072dbb95..33bd1010 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java
@@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream;
import java.util.HashMap;
import java.util.Map;
+import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
@@ -11,7 +12,11 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.util.Base64Utils;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration;
@@ -156,6 +161,111 @@ public class AuthenticationDataBuilderTest {
}
+ @Test
+ public void buildAuthDataBpkTest() throws EaafParserException,
+ EaafAuthenticationException, EaafStorageException {
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ final Map spConfigMap = new HashMap<>();
+ spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH");
+
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig);
+ pendingReq.setSpConfig(spConfig);
+
+ final HashMap sessionStore = new HashMap<>();
+ final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore);
+ wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser(
+ new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes())))
+ .parseIdentityLink());
+ pendingReq.setRawDataToTransaction(sessionStore);
+
+
+ //build authData
+ IAuthData authData = authBuilder.buildAuthenticationData(pendingReq);
+
+ Assert.assertEquals("Wrong bPK", "RwsSdKzmcbL5FKoADZx7/iUZANE=", authData.getBpk());
+ Assert.assertEquals("Wrong bPKType", "urn:publicid:gv.at:cdid+ZP-MH", authData.getBpkType());
+
+
+ }
+
+ @Test
+ public void buildAuthDataWbpkTestWithoutXTarget() throws EaafParserException,
+ EaafAuthenticationException, EaafStorageException {
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ final Map spConfigMap = new HashMap<>();
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i");
+
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig);
+ pendingReq.setSpConfig(spConfig);
+
+ final HashMap sessionStore = new HashMap<>();
+ final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore);
+ wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser(
+ new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes())))
+ .parseIdentityLink());
+ pendingReq.setRawDataToTransaction(sessionStore);
+
+
+ //build authData
+ IAuthData authData = authBuilder.buildAuthenticationData(pendingReq);
+
+ Assert.assertEquals("Wrong bPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", authData.getBpk());
+ Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", authData.getBpkType());
+
+ }
+
+ @Test
+ public void buildAuthDataWbpkTestWithXTarget() throws EaafParserException,
+ EaafAuthenticationException, EaafStorageException {
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ final Map spConfigMap = new HashMap<>();
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i");
+
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig);
+ pendingReq.setSpConfig(spConfig);
+
+ final HashMap sessionStore = new HashMap<>();
+ final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore);
+ wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser(
+ new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes())))
+ .parseIdentityLink());
+ pendingReq.setRawDataToTransaction(sessionStore);
+
+
+ //build authData
+ IAuthData authData = authBuilder.buildAuthenticationData(pendingReq);
+
+ Assert.assertEquals("Wrong bPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", authData.getBpk());
+ Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", authData.getBpkType());
+
+ }
+
+ @Test
+ public void buildAuthDataEidasTarget() throws EaafParserException,
+ EaafAuthenticationException, EaafStorageException {
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ final Map spConfigMap = new HashMap<>();
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES");
+
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig);
+ pendingReq.setSpConfig(spConfig);
+
+ final HashMap sessionStore = new HashMap<>();
+ final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore);
+ wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser(
+ new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes())))
+ .parseIdentityLink());
+ pendingReq.setRawDataToTransaction(sessionStore);
+
+
+ //build authData
+ IAuthData authData = authBuilder.buildAuthenticationData(pendingReq);
+
+ Assert.assertEquals("Wrong bPK", "AT/ES/7AuLZNKsiRr97yvLsQ16SZ6r0q0=", authData.getBpk());
+ Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_EIDAS + "AT+ES", authData.getBpkType());
+
+ }
+
private void buildAuthDataWithIdlOnly_2(final Boolean idlEscaptionFlag, final String givenName,
final String familyName) throws Exception {
IAuthData authData = null;
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java
index 96e870ee..7092031f 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java
@@ -130,7 +130,7 @@ public abstract class AbstractAttributeBuilderTest {
protected IAttributeGenerator gen = new SimpleStringAttributeGenerator();
protected static DummySpConfiguration spConfig = null;
- private static final Map spConfigMap = new HashMap<>();
+ protected static final Map spConfigMap = new HashMap<>();
private static final TestRequestImpl pendingReq = new TestRequestImpl();
/**
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java
new file mode 100644
index 00000000..1ad75abc
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java
@@ -0,0 +1,123 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.attributes;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BpkAttributeBuilder;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class BpkAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+ private final IAttributeBuilder attrBuilde = new BpkAttributeBuilder();
+
+ @Test
+ public void performTestBpk() throws Exception {
+ spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong bPK",
+ "ZP-MH:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkFn() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XFN+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkZvr() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XZVR+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XZVR+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkErsb() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XERSB+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XERSB+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormFn() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XFN+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormZvr() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XZVR+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormErsb() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XERSB+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestEidas() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong eIDAS bPK",
+ "AT+ES:" + authData.getBpk(),
+ value);
+
+ }
+}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java
new file mode 100644
index 00000000..204eea56
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java
@@ -0,0 +1,123 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.attributes;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidSectorForIdAttributeBuilder;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class EidSectorForIdAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+ private final IAttributeBuilder attrBuilde = new EidSectorForIdAttributeBuilder();
+
+ @Test
+ public void performTestBpk() throws Exception {
+ spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong bPK target",
+ "urn:publicid:gv.at:cdid+ZP-MH",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkFn() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "FN+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkZvr() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XZVR+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkErsb() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XERSB+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormFn() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "FN+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormZvr() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormErsb() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestEidas() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong eIDAS bPK target",
+ EaafConstants.URN_PREFIX_EIDAS + "AT+ES",
+ value);
+
+ }
+}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
new file mode 100644
index 00000000..0ca8ca53
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
@@ -0,0 +1,333 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.builder;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class BpkBuilderTest {
+
+ private static final String BASEID = "RUxHQVRlc3RQQjBYWFjFkHpnw7xyX1hYWFTDvHpla8OnaQ==";
+
+
+ @Test
+ public void noBaseId() {
+ try {
+ BpkBuilder.generateAreaSpecificPersonIdentifier(null, EaafConstants.URN_PREFIX_CDID + "AA");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void noTarget() {
+ try {
+ BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, null);
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void noBaseIdType() {
+ try {
+ BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID,
+ null, EaafConstants.URN_PREFIX_CDID + "AA");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void wrongBaseIdType() {
+ try {
+ BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID,
+ EaafConstants.URN_PREFIX_CDID + "BB", EaafConstants.URN_PREFIX_CDID + "AA");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void baseIdTypeEqualsTarget() throws EaafBuilderException {
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID,
+ EaafConstants.URN_PREFIX_CDID + "AA", EaafConstants.URN_PREFIX_CDID + "AA");
+
+ Assert.assertEquals("first bPK", BASEID,
+ result1.getFirst());
+ Assert.assertEquals("first bPK", "urn:publicid:gv.at:cdid+AA",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildBpk() throws EaafBuilderException {
+
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_CDID + "AA");
+ Pair result2 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_CDID + "BB");
+
+ Assert.assertEquals("first bPK", "b1Ip610zZq/Or/uCqgb51lnAdZM=",
+ result1.getFirst());
+ Assert.assertEquals("first bPK", "urn:publicid:gv.at:cdid+AA",
+ result1.getSecond());
+
+ Assert.assertEquals("second bPK", "uYst6hjKJvyp7s/ezD8zsnkcj9k=",
+ result2.getFirst());
+ Assert.assertEquals("second bPK", "urn:publicid:gv.at:cdid+BB",
+ result2.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkFn() throws EaafBuilderException {
+
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "FN+123456i");
+
+ Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkZvr() throws EaafBuilderException {
+
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "ZVR+123456");
+
+ Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkErsb() throws EaafBuilderException {
+
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "ERSB+123456");
+
+ Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkXFn() throws EaafBuilderException {
+
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "XFN+123456i");
+
+ Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkXZvr() throws EaafBuilderException {
+
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "XZVR+123456");
+
+ Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkXErsb() throws EaafBuilderException {
+
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "XERSB+123456");
+
+ Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkOthers() throws EaafBuilderException {
+
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "XABC+123456");
+
+ Assert.assertEquals("wbPK", "wv96/xKUyi6YoYGv7IcIlFTsJIk=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XABC+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildEidasId() throws EaafBuilderException {
+
+ Pair result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_EIDAS + "AT+ES");
+
+ Assert.assertEquals("eidas", "AT/ES/7AuLZNKsiRr97yvLsQ16SZ6r0q0=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:eidasid+AT+ES",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void normalizeNullTarget() {
+ Assert.assertNull("Wrong normalized target",
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(null));
+
+ }
+
+ @Test
+ public void normalizeBpkTarget() {
+ String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithX() {
+ String target = EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithOutXNoMapping() {
+ String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithOutXMappingFn() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "XFN+123456i",
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i"));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithOutXMappingZvr() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455",
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455"));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithOutXMappingErsb() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544",
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544"));
+
+ }
+
+ @Test
+ public void normalizeEidasTarget() {
+ String target = EaafConstants.URN_PREFIX_EIDAS + RandomStringUtils.randomAlphabetic(2)
+ + "+" + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target));
+
+ }
+
+ @Test
+ public void calcNormalizeNullTarget() {
+ Assert.assertNull("Wrong normalized target",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(null));
+
+ }
+
+ @Test
+ public void calcNormalizeBpkTarget() {
+ String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithoutX() {
+
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "FN+123456i",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i"));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithOutXNoMapping() {
+ String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithXMappingFn() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "FN+123456i",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithXMappingZvr() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455"));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithXMappingErsb() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544"));
+
+ }
+
+ @Test
+ public void calcNormalizeEidasTarget() {
+ String target = EaafConstants.URN_PREFIX_EIDAS + RandomStringUtils.randomAlphabetic(2)
+ + "+" + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target));
+
+ }
+
+}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java
index 4bd5bc39..57375e01 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java
@@ -19,6 +19,10 @@
package at.gv.egiz.eaaf.core.api.data;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
public class EaafConstants {
public static final String CONTENTTYPE_HTML_UTF8 = "text/html; charset=UTF-8";
@@ -51,6 +55,34 @@ public class EaafConstants {
public static final String URN_PREFIX_EIDAS = URN_PREFIX_WITH_COLON + URN_PART_EIDAS;
public static final String URN_PREFIX_OW_BPK = URN_PREFIX_CDID + "OW";
+ public static final String URN_PREFIX_WBPK_TARGET_WITH_X = EaafConstants.URN_PREFIX_WBPK + "X";
+ private static final String WBPK_TARGET_FN = "FN";
+ private static final String WBPK_TARGET_ZVR = "ZVR";
+ private static final String WBPK_TARGET_ERSB = "ERSB";
+
+ private static final String URN_PREFIX_WBPK_TARGET_XFN_TARGET =
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_FN;
+ private static final String URN_PREFIX_WBPK_TARGET_XZVR_TARGET =
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ZVR;
+ private static final String URN_PREFIX_WBPK_TARGET_XERSB_TARGET =
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ERSB;
+
+ private static final String URN_PREFIX_WBPK_TARGET_FN_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_FN;
+ private static final String URN_PREFIX_WBPK_TARGET_ZVR_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ZVR;
+ private static final String URN_PREFIX_WBPK_TARGET_ERSB_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ERSB;
+
+ public static final Map URN_WBPK_TARGET_X_TO_NONE_MAPPER;
+
+ static {
+ final Map intMap = new LinkedHashMap<>();
+ intMap.put(URN_PREFIX_WBPK_TARGET_XFN_TARGET, URN_PREFIX_WBPK_TARGET_FN_TARGET);
+ intMap.put(URN_PREFIX_WBPK_TARGET_XZVR_TARGET, URN_PREFIX_WBPK_TARGET_ZVR_TARGET);
+ intMap.put(URN_PREFIX_WBPK_TARGET_XERSB_TARGET, URN_PREFIX_WBPK_TARGET_ERSB_TARGET);
+ URN_WBPK_TARGET_X_TO_NONE_MAPPER = Collections.unmodifiableMap(intMap);
+
+ }
+
+
// Authentication process data_constants
public static final String UNIQUESESSIONIDENTIFIER = "eaaf_uniqueSessionIdentifier";
public static final String AUTH_DATA_CREATED = "eaaf_authdata_created";
--
cgit v1.2.3
From ccef126ae469181b9a4a15ea16d0ab0ffa22621e Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 31 Mar 2020 18:15:49 +0200
Subject: change default SSLContext factory to Apache HTTP-Client based version
---
.../eaaf/core/impl/http/HttpClientFactory.java | 59 +++++++++-------------
1 file changed, 24 insertions(+), 35 deletions(-)
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
index 58d7e7b2..00d5891a 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
@@ -1,7 +1,6 @@
package at.gv.egiz.eaaf.core.impl.http;
import java.security.KeyStore;
-import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
@@ -35,12 +34,12 @@ import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
+import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import lombok.extern.slf4j.Slf4j;
@@ -53,8 +52,6 @@ public class HttpClientFactory implements IHttpClientFactory {
@Autowired
private EaafKeyStoreFactory keyStoreFactory;
- private static final String ERROR_03 = "internal.httpclient.03";
-
public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =
"client.http.connection.pool.use";
public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL =
@@ -238,43 +235,35 @@ public class HttpClientFactory implements IHttpClientFactory {
private LayeredConnectionSocketFactory getSslContext(final HttpClientConfiguration httpClientConfig)
throws EaafException {
SSLContext sslContext = null;
- try {
- if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
- log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
- final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
- .getFirst();
-
- log.trace("Injecting SSL client-authentication into http client ... ");
- sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
- httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
- httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
-
- } else {
- log.trace("Initializing default SSL Context ... ");
- sslContext = SSLContext.getDefault();
-
- }
+ if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
+ log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
+ .getFirst();
- // set hostname verifier
- HostnameVerifier hostnameVerifier = null;
- if (httpClientConfig.isDisableHostnameValidation()) {
- hostnameVerifier = new NoopHostnameVerifier();
- log.warn("HTTP client-builder deactivates SSL Host-name verification!");
+ log.trace("Injecting SSL client-authentication into http client ... ");
+ sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
+ httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
+ httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
- }
-
- final LayeredConnectionSocketFactory sslSocketFactory =
- new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
- log.debug("HTTP client-builder successfuly initialized");
- return sslSocketFactory;
+ } else {
+ log.trace("Initializing default SSL Context ... ");
+ sslContext = SSLContexts.createDefault();
+
+ }
- } catch (final NoSuchAlgorithmException e) {
- log.warn("HTTP client-builder can NOT initialze SSL-Context", e);
- throw new EaafFactoryException(ERROR_03, new Object[] {
- httpClientConfig.getFriendlyName(), e.getMessage()}, e);
+ // set hostname verifier
+ HostnameVerifier hostnameVerifier = null;
+ if (httpClientConfig.isDisableHostnameValidation()) {
+ hostnameVerifier = new NoopHostnameVerifier();
+ log.warn("HTTP client-builder deactivates SSL Host-name verification!");
}
+ final LayeredConnectionSocketFactory sslSocketFactory =
+ new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+ log.debug("HTTP client-builder successfuly initialized");
+ return sslSocketFactory;
+
}
private void injectDefaultConnectionPoolIfRequired(
--
cgit v1.2.3
From bada55e1a4ee92bc05d55950836942ed6c3e97f6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 1 Apr 2020 09:05:40 +0200
Subject: fix wrong format in case of encrypted wbPKs
---
.../core/impl/idp/auth/builder/BpkBuilder.java | 57 ++++++----
.../messages/eaaf_core_messages.properties | 5 +-
.../core/impl/idp/auth/builder/BpkBuilderTest.java | 122 ++++++++++++++++++++-
3 files changed, 161 insertions(+), 23 deletions(-)
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
index bb8355ad..fed4af32 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
@@ -52,6 +52,8 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j
public class BpkBuilder {
+ private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI";
+
/**
* Calculates an area specific unique person-identifier from a baseID.
*
@@ -157,7 +159,7 @@ public class BpkBuilder {
* Create an encrypted bPK.
*
* @param bpk unencrypted bPK
- * @param target bPK target
+ * @param target bPK target in full form
* @param publicKey Public-Key used for encryption
* @return encrypted bPK
* @throws EaafBuilderException In case of an error
@@ -165,12 +167,17 @@ public class BpkBuilder {
public static String encryptBpk(final String bpk, String target, final PublicKey publicKey)
throws EaafBuilderException {
final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
- if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) {
- target = target.substring(EaafConstants.URN_PREFIX_CDID.length());
+
+ if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+ throw new EaafBuilderException("builder.32",
+ null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
}
+
+ target = normalizeBpkTargetIdentifierToCalculationFormat(target);
final String input =
- "V1::urn:publicid:gv.at:cdid+" + target + "::" + bpk + "::" + sdf.format(new Date());
+ "V1::" + target + "::" + bpk + "::" + sdf.format(new Date());
// System.out.println(input);
byte[] result;
try {
@@ -190,17 +197,23 @@ public class BpkBuilder {
* Decrypt an encrypted bPK.
*
* @param encryptedBpk encrypted bPK
- * @param target bPK target
+ * @param target bPK target in full form
* @param privateKey private-key for decryption
- * @return bPK
+ * @return bPK Pair consists of (unique person identifier for this target,
+ * targetArea) but never null
* @throws EaafBuilderException In case of an error
*/
- public static String decryptBpk(final String encryptedBpk, String target,
+ public static Pair decryptBpk(final String encryptedBpk, String target,
final PrivateKey privateKey) throws EaafBuilderException {
String decryptedString;
+
+ if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+ throw new EaafBuilderException("builder.32",
+ null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
+ }
+
try {
- // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false,
- // "ISO-8859-1");
final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1"));
final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
decryptedString = new String(decryptedBytes, "ISO-8859-1");
@@ -210,20 +223,24 @@ public class BpkBuilder {
}
- String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
- final String sector = tmp.substring(0, tmp.indexOf("::"));
- tmp = tmp.substring(tmp.indexOf("::") + 2);
- final String bPK = tmp.substring(0, tmp.indexOf("::"));
-
- if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) {
- target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length());
+ String[] parts = decryptedString.split("::");
+ if (parts.length != 4) {
+ log.trace("Encrypted bPK has value: {}", decryptedString);
+ throw new EaafBuilderException("builder.31", new Object[] {parts.length},
+ "encBpk has a suspect format");
+
}
+
+ final String sector = parts[1];
+ final String bPK = parts[2];
- if (target.equals(sector)) {
- return bPK;
+ if (target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))) {
+ return Pair.newInstance(bPK, target);
+
} else {
- log.error("Decrypted bPK does not match to request bPK target.");
- return null;
+ throw new EaafBuilderException("builder.30", new Object[] {sector, target},
+ "Decrypted bPK-target does not match");
+
}
}
diff --git a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
index 1916a7fc..064554b9 100644
--- a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
+++ b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
@@ -1,6 +1,7 @@
eaaf.core.00=Requested URL: {0} is NOT allowed by configuration.
builder.08=Authentication process could NOT completed. Reason: {0}
-
-
+builder.30=Decrypted bPK target: {0} does not match to required target: {1}
+builder.31=Encrypted bPK has a suspect format and consists of #{0} elements
+builder.32=bPK-target format must be full URI
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
index 0ca8ca53..64c13781 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
@@ -1,7 +1,14 @@
package at.gv.egiz.eaaf.core.impl.idp.auth.builder;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
+import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.BlockJUnit4ClassRunner;
@@ -15,6 +22,118 @@ public class BpkBuilderTest {
private static final String BASEID = "RUxHQVRlc3RQQjBYWFjFkHpnw7xyX1hYWFTDvHpla8OnaQ==";
+ private KeyPair keyPair;
+
+
+ /**
+ * jUnit test initializer.
+ * @throws NoSuchProviderException In case of an error
+ * @throws NoSuchAlgorithmException In case of an error
+ */
+ @Before
+ public void initialize() throws NoSuchAlgorithmException, NoSuchProviderException {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+ keyPair = keyGen.generateKeyPair();
+
+ }
+
+ @Test
+ public void encBpkWrongTarget() throws InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = RandomStringUtils.randomAlphanumeric(25);
+
+ try {
+ BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+ Assert.fail("Wrong parameters not detected");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void decBpkWrongTarget() throws InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = RandomStringUtils.randomAlphanumeric(25);
+
+ try {
+ BpkBuilder.decryptBpk(bpk, target, keyPair.getPrivate());
+ Assert.fail("Wrong parameters not detected");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void decBpkWrongTargetInEncBpk() throws InvalidKeyException, EaafBuilderException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = EaafConstants.URN_PREFIX_CDID + "AA";
+
+ String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+ try {
+ BpkBuilder.decryptBpk(encBpk,
+ EaafConstants.URN_PREFIX_CDID + "BB", keyPair.getPrivate());
+ Assert.fail("Wrong parameters not detected");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorMsg", "builder.30", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void encBpkSuccess() throws EaafBuilderException, InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = EaafConstants.URN_PREFIX_CDID + "AA";
+
+ String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+
+ Assert.assertNotNull("encBpk", encBpk);
+
+ Pair decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate());
+
+ Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst());
+ Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond());
+
+ }
+
+ @Test
+ public void encWbpkSuccess() throws EaafBuilderException, InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = EaafConstants.URN_PREFIX_WBPK + "XFN+123456i";
+
+ String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+
+ Assert.assertNotNull("encBpk", encBpk);
+
+ Pair decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate());
+
+ Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst());
+ Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond());
+
+ }
+
+ @Test
+ public void encWbpkSuccessSecond() throws EaafBuilderException, InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = EaafConstants.URN_PREFIX_WBPK + "FN+123456i";
+
+ String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+
+ Assert.assertNotNull("encBpk", encBpk);
+
+ Pair decBpk = BpkBuilder.decryptBpk(encBpk,
+ EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", keyPair.getPrivate());
+
+ Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst());
+ Assert.assertEquals("wrong bBK-Target",
+ EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", decBpk.getSecond());
+
+ }
+
@Test
public void noBaseId() {
@@ -316,7 +435,8 @@ public class BpkBuilderTest {
public void calcNormalizeWbpkTargetWithXMappingErsb() {
Assert.assertEquals("Wrong normalized target",
EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544",
- BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544"));
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(
+ EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544"));
}
--
cgit v1.2.3
From 5945c62128c2cb9d552ad7b4c085c09d046d2d56 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 1 Apr 2020 17:22:28 +0200
Subject: switch to next release version 1.1.1
---
eaaf_core/pom.xml | 2 +-
eaaf_core_api/pom.xml | 2 +-
eaaf_core_utils/pom.xml | 2 +-
eaaf_modules/eaaf_module_auth_sl20/pom.xml | 2 +-
eaaf_modules/eaaf_module_moa-sig/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_core/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 2 +-
eaaf_modules/pom.xml | 2 +-
pom.xml | 2 +-
10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index 520884ea..4ee46149 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -4,7 +4,7 @@
at.gv.egiz
eaaf
- 1.1.1-SNAPSHOT
+ 1.1.1
at.gv.egiz.eaaf
diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml
index 7f688734..5da7ad89 100644
--- a/eaaf_core_api/pom.xml
+++ b/eaaf_core_api/pom.xml
@@ -7,7 +7,7 @@
at.gv.egiz
eaaf
- 1.1.1-SNAPSHOT
+ 1.1.1
at.gv.egiz.eaaf
eaaf_core_api
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index 7cf6a266..eb65b01e 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -7,7 +7,7 @@
at.gv.egiz
eaaf
- 1.1.1-SNAPSHOT
+ 1.1.1
at.gv.egiz.eaaf
eaaf_core_utils
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index 482596a2..c113ef98 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -6,7 +6,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_auth_sl20
Generic SL2.0 authentication
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index eb2cdae8..aa63b3c3 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_moa-sig
MOA-Sig signature verification module
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index efc359aa..253d0afb 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -7,7 +7,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_pvp2_core
eaaf_module_pvp2_core
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index b570c88a..e8fb2acc 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_pvp2_idp
eaaf_module_pvp2_idp
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index cf2ac340..3b661c7b 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_pvp2_sp
eaaf_module_pvp2_sp
diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml
index 3addb4b5..84f4163d 100644
--- a/eaaf_modules/pom.xml
+++ b/eaaf_modules/pom.xml
@@ -4,7 +4,7 @@
at.gv.egiz
eaaf
- 1.1.1-SNAPSHOT
+ 1.1.1
at.gv.egiz.eaaf
diff --git a/pom.xml b/pom.xml
index 735c7b3d..0bcde9ed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
4.0.0
at.gv.egiz
eaaf
- 1.1.1-SNAPSHOT
+ 1.1.1
pom
EGIZ EAAF components
--
cgit v1.2.3